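Information Security Weekly Report - Week 24, 2020
Published: 2020-06-15
> Overview of This Week's Security Situation
From June 8 to June 14, 2020, a total of 68 security vulnerabilities were recorded. Those worth noting are the Microsoft Windows Server Message Block CVE-2020-1301 code execution vulnerability; the WAGO PFC 200 Web-Based Management code execution vulnerability; the Advantech WebAccess Node buffer overflow vulnerability; the SAP Solution Manager unauthorized access vulnerability; and the Siemens LOGO!8 BM unauthorized access vulnerability.
The network security events worth noting this week are: a fake decryptor for the STOP Djvu ransomware double-encrypts victims' files; Area1 publishes a report that Russia is interfering in the US election through a vulnerability in the Exim mail transfer agent (MTA); Microsoft releases its largest-ever Patch Tuesday, fixing 129 vulnerabilities in total; Adobe fixes a remote code execution vulnerability in Flash Player; Nintendo confirms that more than 300,000 of its accounts were compromised, with the China-market edition currently unaffected.
Based on the overview above, this week's security threat level is medium.
> List of Important Security Vulnerabilities
1. Microsoft Windows Server Message Block CVE-2020-1301 code execution vulnerability
Microsoft Windows Server Message Block 1.0 has a security vulnerability in its handling of certain requests. A remote attacker can exploit it by submitting specially crafted requests, which can crash the application or execute arbitrary code.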
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1301
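2. WAGO PFC 200 Web-Based Management code execution vulnerability
WAGO PFC 200 Web-Based Management has a security vulnerability. A remote attacker can exploit it by submitting specially crafted requests to execute arbitrary code in the context of the application.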
https://talosintelligence.com/vulnerability_reports/TALOS-2020-101
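3. Advantech WebAccess Node buffer overflow vulnerability
Advantech WebAccess Node has a buffer overflow vulnerability. A remote attacker can exploit it by submitting specially crafted requests, which can crash the application or execute arbitrary code in the context of the application.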
https://www.us-cert.gov/ics/advisories/icsa-20-161-01
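4. SAP Solution Manager unauthorized access vulnerability
SAP Solution Manager Problem Context Manager performs no verification check. A remote attacker can exploit this by submitting specially crafted requests to gain unauthorized access or carry out a denial-of-service attack.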
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
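5. Siemens LOGO!8 BM unauthorized access vulnerability
Siemens LOGO!8 BM lacks authentication. A remote attacker can exploit this by submitting requests to port 135 to read and modify the device configuration and obtain project files from the device.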
https://cert-portal.siemens.com/productcert/pdf/ssa-817401.pdf
> Overview of Important Security Events
1. Fake decryptor for the STOP Djvu ransomware double-encrypts victims' files
Original link:
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/
2. Area1 publishes a report that Russia is interfering in the US election through a vulnerability in the Exim mail transfer agent (MTA)
Original link:
https://cdn.area1security.com/reports/Area-1-Security-EximReport.pdf
3. Microsoft releases its largest-ever Patch Tuesday, fixing 129 vulnerabilities in total
Original link:
https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2020-patch-tuesday-largest-ever-with-129-fixes/
4. Adobe fixes a remote code execution vulnerability in Flash Player
Original link:
https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-remote-code-execution-bug-in-flash-player/
5. Nintendo confirms that more than 300,000 of its accounts were compromised; the China-market edition is currently unaffected
Original link:
https://www.infosecurity-magazine.com/news/nintendo-breach-now-300000/