绿盟科技发布了本周安全通告,周报编号nsfocus-17-24,绿盟科技漏洞库本周新增109条,其中高危93条。本次周报建议大家关注 windows lnk文件远程代码执行漏洞 。微软官方已经在6月份发布的安全补丁中修复了此漏洞,受影响的用户应立即通过windows自动更新服务来下载更新该安全补丁来防护。对于无法及时更新补丁的主机,建议禁用u盘、网络共享的功能。
<a href="http://toutiao.secjia.com/windows-lnk-rce-cve-2017-8464" target="_blank">windows lnk文件远程代码执行漏洞</a>
nsfocus id 36895
cve id cve-2017-8464
受影响版本
windows 10
windows 7
windows 8.1
windows 8
windows vista
windows rt 8.1
windows server 2016
windows server 2012
windows server 2008
漏洞点评
microsoft windows在处理恶意的快捷方式(.lnk)文件时存在漏洞,攻击者可以通过可移动驱动器(u盘)或远程共享等方式将包含恶意lnk文件和与之相关的恶意二进制文件传播给用户。当用户通过windows资源管理器或任何能够解析lnk文件的程序打开恶意的lnk文件时,与之关联的恶意二进制代码将在目标系统上执行。成功利用此漏洞的攻击者可以获得与本地用户相同的用户权限。微软官方已经在6月份发布的安全补丁中修复了此漏洞,受影响的用户应立即通过windows自动更新服务来下载更新该安全补丁来防护。对于无法及时更新补丁的主机,建议禁用u盘、网络共享的功能。
(数据来源:绿盟科技安全研究部&产品规则组)
最近一周cve公告总数与前期相比数量回升。值得关注的高危漏洞如下:
标题:sneaky hackers use intel management tools to bypass windows firewall
时间:2017-06-12
摘要:the group, which microsoft has named platinum, has developed a system for sending files—such as new payloads to run and new versions of their malware—to compromised machines。
链接:https://arstechnica.com/security/2017/06/sneaky-hackers-use-intel-management-tools-to-bypass-windows-firewall/
摘要:criminal hackers have started using a novel malware attack that infects people when their mouse hovers over a link embedded in a malicious powerpoint file.
链接:https://arstechnica.com/security/2017/06/malicious-powerpoint-files-can-infect-targets-when-hovering-over-hyperlinks/
时间:2017-06-02
摘要:the national cybersecurity and communications integration center (nccic) is aware of public reports from eset and dragos outlining a new, highly capable industrial controls systems (ics) attack platform that was reportedly used in 2016 against critical infrastructure in ukraine. as reported by eset (link is external) and dragos (link is external), the crashoverride malware is an extensible platform that could be used to target critical infrastructure sectors. nccic is working with its partners to validate the eset and dragos analysis, and develop a better understanding of the risk this new malware poses to the u.s. critical infrastructure.
链接:https://www.us-cert.gov/ncas/alerts/ta17-163a
摘要:malware researchers at security firm fortinet have spotted macransom, it is the first mac ransomware offered as a raas service.
链接:http://securityaffairs.co/wordpress/59981/malware/macransom-raas.html
标题:彭博社称俄罗斯黑客攻陷美国39个州的选举系统
时间:2017-06-13
摘要:彭博社的一份新报告显示,美国39个州选举系统在去年美国大选前后被黑,在某些情况下,攻击者甚至可以访问国家级选民问卷数据,损害多达9万名选民的记录。。
链接:http://www.youxia.org/2017/06/29925.html
标题:rare xp patches fix three remaining leaked nsa exploits
时间:2017-06-14
摘要:microsoft today released security updates to fix almost a hundred flaws in its various windows operating systems and related software. one bug is so serious that microsoft is issuing patches for it on windows xp and other operating systems the company no longer officially supports. separately, adobe has pushed critical updates for its flash and shockwave players, two programs most users would probably be better off without.
链接:https://krebsonsecurity.com/2017/06/microsoft-adobe-ship-critical-fixes/
摘要:the united states computer emergency readiness team (us-cert) released a technical alert on tuesday on behalf of the dhs and the fbi to warn organizations of north korea’s “hidden cobra” activities, particularly distributed denial-of-service (ddos) attacks.
链接:http://www.securityweek.com/us-warns-north-koreas-hidden-cobra-attacks
时间:2017-06-15
摘要:wikileaks has published a new batch of the ongoing vault 7 leak, this time detailing a framework – which is being used by the cia for monitoring the internet activity of the targeted systems by exploiting vulnerabilities in wi-fi devices.
链接:http://thehackernews.com/2017/06/cia-wireless-router-hacking-tool.html
标题:jaff ransomware decryption tool released – don’t pay, unlock files for free
摘要:kaspersky labs has released an updated version 1.21.2.1 of its free ransomware decryption tool, rakhnidecryptor, which can now also decrypt files locked by the jaff ransomware..
链接:http://thehackernews.com/2017/06/jaff-ransomware-decryption-tool.html
标题:nigerian bec scams hit 500 companies in 50 countries
摘要:nigerian cybercriminals targeting industrial firms have stolen a slew of sensitive technical drawings, network diagrams, cost estimates, and project plans already this year. the data, exfiltrated by a cocktail of different spyware programs, wasn’t stolen from just executives, but also operators, engineers, designers and architects.
链接:https://threatpost.com/nigerian-bec-scams-hit-500-companies-in-50-countries/126298/
(数据来源:绿盟科技 威胁情报与网络安全实验室 收集整理)
截止到2017年6月16日,绿盟科技漏洞库已收录总条目达到36926条。本周新增漏洞记录109条,其中高危漏洞数量93条,中危漏洞数量11条,低危漏洞数量5条。
cisco email security/content security management appliance跨站脚本漏洞(cve-2017-6661)
危险等级:中
bid:98950
cve编号:cve-2017-6661
cisco email security appliance附件过滤器绕过漏洞(cve-2017-6671)
bid:98969
cve编号:cve-2017-6671
cisco elastic services controller信息泄露漏洞(cve-2017-6696)
危险等级:低
bid:98952
cve编号:cve-2017-6696
cisco elastic services controller未授权目录访问漏洞(cve-2017-6693)
cve编号:cve-2017-6693
cisco elastic services controller信息泄露漏洞(cve-2017-6691)
cve编号:cve-2017-6691
cisco elastic services controller默认管理员凭证漏洞(cve-2017-6689)
cve编号:cve-2017-6689
cisco elastic services controller远程命令执行漏洞(cve-2017-6682)
bid:98951
cve编号:cve-2017-6682
pivotal spring web flow安全功能绕过漏洞(cve-2017-4971)
危险等级:高
bid:98785
cve编号:cve-2017-4971
cisco elastic services controller远程命令执行漏洞(cve-2017-6683)
cve编号:cve-2017-6683
cisco elastic services controller安全限制绕过漏洞(cve-2017-6684)
bid:98979
cve编号:cve-2017-6684
cisco elastic services controller安全限制绕过漏洞(cve-2017-6688)
bid:98973
cve编号:cve-2017-6688
cisco elastic services controller信息泄露漏洞(cve-2017-6697)
bid:98959
cve编号:cve-2017-6697
apache nifi跨框架脚本漏洞(cve-2017-7667)
cve编号:cve-2017-7667
apache nifi跨站脚本漏洞(cve-2017-7665)
cve编号:cve-2017-7665
google chrome os 本地信息泄露漏洞(cve-2017-5084)
bid:98986
cve编号:cve-2017-5084
microsoft windows kernel本地权限提升漏洞(cve-2017-0297)
bid:98840
cve编号:cve-2017-0297
vmware vsphere data protection命令执行漏洞(cve-2017-4914)
bid:98939
cve编号:cve-2017-4914
microsoft internet explorer/edge信息泄露漏洞(cve-2017-8529)
bid:98953
cve编号:cve-2017-8529
microsoft edge安全限制绕过漏洞(cve-2017-8555)
bid:98956
cve编号:cve-2017-8555
microsoft edge远程代码漏洞(cve-2017-8549)
bid:98955
cve编号:cve-2017-8549
microsoft edge远程内存破坏漏洞(cve-2017-8548)
bid:98954
cve编号:cve-2017-8548
microsoft windows uniscribe远程代码执行漏洞(cve-2017-8528)
bid:98949
cve编号:cve-2017-8528
microsoft windows graphics component本地信息泄露漏洞(cve-2017-8553)
bid:98940
cve编号:cve-2017-8553
microsoft windows graphics component远程代码执行漏洞(cve-2017-8527)
bid:98933
cve编号:cve-2017-8527
microsoft internet explorer远程内存破坏漏洞(cve-2017-8547)
bid:98932
cve编号:cve-2017-8547
microsoft edge远程内存破坏漏洞(cve-2017-8523)
bid:98928
cve编号:cve-2017-8523
microsoft windows graphics component信息泄露漏洞(cve-2017-0289)
bid:98929
cve编号:cve-2017-0289
microsoft internet explorer/edge远程内存破坏漏洞(cve-2017-8524)
bid:98930
cve编号:cve-2017-8524
microsoft internet explorer/edge远程内存破坏漏洞(cve-2017-8522)
bid:98926
cve编号:cve-2017-8522
microsoft windows hyper-v本地权限提升漏洞(cve-2017-0193)
bid:98878
cve编号:cve-2017-0193
microsoft windows device guard 本地安全限制绕过漏洞(cve-2017-0215)
bid:98879
cve编号:cve-2017-0215
microsoft windows kernel 信息泄露漏洞(cve-2017-8474)
bid:98902
cve编号:cve-2017-8474
microsoft windows kernel 信息泄露漏洞(cve-2017-0300)
bid:98901
cve编号:cve-2017-0300
microsoft windows device guard 本地安全限制绕过漏洞(cve-2017-0219)
bid:98898
cve编号:cve-2017-0219
microsoft windows 本地安全限制绕过漏洞(cve-2017-0295)
bid:98904
cve编号:cve-2017-0295
microsoft internet explorer远程内存破坏漏洞(cve-2017-8519)
bid:98999
cve编号:cve-2017-8519
microsoft sharepoint server远程权限提升漏洞(cve-2017-8551)
bid:98913
cve编号:cve-2017-8551
microsoft windows kernel 信息泄露漏洞(cve-2017-8462)
bid:98900
cve编号:cve-2017-8462
microsoft windows kernel 信息泄露漏洞(cve-2017-8476)
bid:98903
cve编号:cve-2017-8476
microsoft skype for business/lync server 远程代码执行漏洞(cve-2017-8550)
bid:98916
cve编号:cve-2017-8550
microsoft windows graphics component信息泄露漏洞(cve-2017-0286)
bid:98891
cve编号:cve-2017-0286
microsoft windows pdf信息泄露漏洞(cve-2017-8460)
bid:98887
cve编号:cve-2017-8460
microsoft windows graphics component信息泄露漏洞(cve-2017-0287)
bid:98922
cve编号:cve-2017-0287
microsoft windows graphics component信息泄露漏洞(cve-2017-0288)
bid:98923
cve编号:cve-2017-0288
microsoft windows kernel 信息泄露漏洞(cve-2017-0299)
bid:98884
cve编号:cve-2017-0299
microsoft outlook for mac欺骗漏洞(cve-2017-8545)
bid:98917
cve编号:cve-2017-8545
microsoft windows device guard 本地安全限制绕过漏洞(cve-2017-0218)
bid:98897
cve编号:cve-2017-0218
microsoft windows device guard 本地安全限制绕过漏洞(cve-2017-0216)
bid:98896
cve编号:cve-2017-0216
microsoft internet explorer/edge远程内存破坏漏洞(cve-2017-8517)
bid:98895
cve编号:cve-2017-8517
microsoft edge远程内存破坏漏洞(cve-2017-8496)
bid:98880
cve编号:cve-2017-8496
microsoft edge远程内存破坏漏洞(cve-2017-8499)
bid:98883
cve编号:cve-2017-8499
microsoft edge远程内存破坏漏洞(cve-2017-8497)
bid:98882
cve编号:cve-2017-8497
microsoft windows uniscribe信息泄露漏洞(cve-2017-0282)
bid:98885
cve编号:cve-2017-0282
microsoft edge远程信息泄露漏洞(cve-2017-8498)
bid:98886
cve编号:cve-2017-8498
microsoft edge远程信息泄露漏洞(cve-2017-8504)
bid:98892
cve编号:cve-2017-8504
microsoft windows uniscribe信息泄露漏洞(cve-2017-0285)
bid:98914
cve编号:cve-2017-0285
microsoft edge远程内存破坏漏洞(cve-2017-8521)
bid:98925
cve编号:cve-2017-8521
microsoft windows uniscribe远程代码执行漏洞(cve-2017-0283)
bid:98920
cve编号:cve-2017-0283
microsoft windows uniscribe信息泄露漏洞(cve-2017-0284)
bid:98919
cve编号:cve-2017-0284
microsoft outlook内存破坏漏洞(cve-2017-8507)
bid:98827
cve编号:cve-2017-8507
microsoft windows 本地安全限制绕过漏洞(cve-2017-8493)
bid:98850
cve编号:cve-2017-8493
microsoft office安全限制绕过漏洞(cve-2017-8508)
bid:98828
cve编号:cve-2017-8508
microsoft edge安全功能绕过漏洞(cve-2017-8530)
bid:98863
cve编号:cve-2017-8530
microsoft windows device guard 本地安全限制绕过漏洞(cve-2017-0173)
bid:98873
cve编号:cve-2017-0173
microsoft sharepoint跨站脚本漏洞(cve-2017-8514)
bid:98831
cve编号:cve-2017-8514
microsoft windows uniscribe 信息泄露漏洞(cve-2017-8534)
bid:98822
cve编号:cve-2017-8534
microsoft windows kernel 信息泄露漏洞(cve-2017-8485)
bid:98860
cve编号:cve-2017-8485
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8492)
bid:98870
cve编号:cve-2017-8492
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8489)
bid:98865
cve编号:cve-2017-8489
microsoft windows 远程代码执行漏洞(cve-2017-0294)
bid:98837
cve编号:cve-2017-0294
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8490)
bid:98867
cve编号:cve-2017-8490
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8491)
bid:98869
cve编号:cve-2017-8491
microsoft office dll加载远程代码执行漏洞(cve-2017-8506)
bid:98811
cve编号:cve-2017-8506
microsoft office dll加载远程代码执行漏洞(cve-2017-0260)
bid:98810
cve编号:cve-2017-0260
microsoft office远程代码执行漏洞(cve-2017-8512)
bid:98816
cve编号:cve-2017-8512
microsoft office远程代码执行漏洞(cve-2017-8511)
bid:98815
cve编号:cve-2017-8511
microsoft office远程代码执行漏洞(cve-2017-8510)
bid:98813
cve编号:cve-2017-8510
microsoft windows lnk远程代码执行漏洞(cve-2017-8464)
bid:98818
cve编号:cve-2017-8464
microsoft office远程代码执行漏洞(cve-2017-8509)
bid:98812
cve编号:cve-2017-8509
microsoft windows graphics component信息泄露漏洞(cve-2017-8531)
bid:98819
cve编号:cve-2017-8531
microsoft windows graphics component信息泄露漏洞(cve-2017-8533)
bid:98821
cve编号:cve-2017-8533
microsoft windows graphics component信息泄露漏洞(cve-2017-8532)
bid:98820
cve编号:cve-2017-8532
microsoft windows search 信息泄露漏洞(cve-2017-8544)
bid:98826
cve编号:cve-2017-8544
microsoft windows search 远程代码执行漏洞(cve-2017-8543)
bid:98824
cve编号:cve-2017-8543
microsoft powerpoint远程代码执行漏洞(cve-2017-8513)
bid:98830
cve编号:cve-2017-8513
microsoft windows 拒绝服务漏洞(cve-2017-8515)
bid:98833
cve编号:cve-2017-8515
microsoft windows pdf远程代码执行漏洞(cve-2017-0291)
bid:98835
cve编号:cve-2017-0291
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8469)
bid:98842
cve编号:cve-2017-8469
microsoft windows kernel ‘win32k.sys’ 本地权限提升漏洞(cve-2017-8465)
bid:98843
cve编号:cve-2017-8465
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8478)
bid:98845
cve编号:cve-2017-8478
microsoft windows kernel ‘win32k.sys’ 本地信息泄露漏洞(cve-2017-8473)
bid:98852
cve编号:cve-2017-8473
microsoft windows kernel ‘win32k.sys’ 本地信息泄露漏洞(cve-2017-8475)
bid:98853
cve编号:cve-2017-8475
microsoft windows kernel ‘win32k.sys’ 本地信息泄露漏洞(cve-2017-8472)
bid:98851
cve编号:cve-2017-8472
microsoft windows kernel ‘win32k.sys’ 本地信息泄露漏洞(cve-2017-8477)
bid:98854
cve编号:cve-2017-8477
microsoft windows kernel ‘win32k.sys’ 本地信息泄露漏洞(cve-2017-8471)
bid:98849
cve编号:cve-2017-8471
microsoft windows pdf远程代码执行漏洞(cve-2017-0292)
bid:98836
cve编号:cve-2017-0292
microsoft windows kernel 信息泄露漏洞(cve-2017-8482)
bid:98858
cve编号:cve-2017-8482
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8480)
bid:98857
cve编号:cve-2017-8480
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8481)
bid:98862
cve编号:cve-2017-8481
microsoft windows kernel ‘win32k.sys’本地信息泄露漏洞(cve-2017-8470)
bid:98848
cve编号:cve-2017-8470
microsoft windows kernel ‘win32k.sys’ 本地信息泄露漏洞(cve-2017-8484)
bid:98847
cve编号:cve-2017-8484
microsoft windows kernel ‘win32k.sys’ 本地权限提升漏洞(cve-2017-8468)
bid:98846
cve编号:cve-2017-8468
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8483)
bid:98859
cve编号:cve-2017-8483
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8479)
bid:98856
cve编号:cve-2017-8479
microsoft windows kernel 本地信息泄露漏洞(cve-2017-8488)
bid:98864
cve编号:cve-2017-8488
microsoft windows cursor 本地权限提升漏洞(cve-2017-8466)
bid:98844
cve编号:cve-2017-8466
microsoft windows 本地权限提升漏洞(cve-2017-8494)
bid:98855
cve编号:cve-2017-8494
microsoft windows com本地权限提升漏洞(cve-2017-0298)
bid:98841
cve编号:cve-2017-0298
microsoft windows tdx本地权限提升漏洞(cve-2017-0296)
bid:98839
cve编号:cve-2017-0296
原文发布时间:2017年6月21日
本文由:绿盟科技发布,版权归属于原作者
原文链接:http://toutiao.secjia.com/nsfocus-internet-security-threats-weekly-201724
本文来自云栖社区合作伙伴安全加,了解相关信息可以关注安全加网站