ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ24ÖÜ

Ðû²¼Ê±¼ä 2020-06-15

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê06ÔÂ08ÈÕÖÁ06ÔÂ14ÈÕ¹²ÊÕ¼Çå¾²Îó²î68¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇMicrosoft Windows Server Message Block CVE-2020-1301´úÂëÖ´ÐÐÎó²î; WAGO PFC 200 Web-Based Management´úÂëÖ´ÐÐÎó²î£»Advantech WebAccess Node»º³åÇøÒç³öÎó²î£»SAP Solution ManagerδÊÚȨ»á¼ûÎó²î£»Siemens LOGO!8 BMδÊÚȨ»á¼ûÎó²î¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇαÔìµÄÀÕË÷Èí¼þSTOP DjvuµÄ½âÃÜÆ÷¶ÔÊܺ¦ÕßÎļþ¶þ´Î¼ÓÃÜ£»Area1Ðû²¼±¨¸æ£¬¶íÂÞ˹ͨ¹ýEximÊðÀí(MTA)ÖÐÎó²î×ÌÈÅÃÀ¹ú´óÑ¡£»Î¢ÈíÐû²¼×î´ó¹æÄ£µÄÖܶþ²¹¶¡³ÌÐò£¬¹²ÐÞ¸´129¸öÎó²î£»AdobeÐÞ¸´ÁËFlash PlayerÖеÄÔ¶³Ì´úÂëÖ´ÐÐÎó²î£»ÈÎÌìÌÃÈ·ÈÏÆäÁè¼Ý30ÍòÕ˺ű»ÈëÇÖ£¬ÏÖÔÚ¹úÐÐδÊÜÓ°Ïì¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬±¾ÖÜÇå¾²ÍþвΪÖС£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Microsoft Windows Server Message Block CVE-2020-1301´úÂëÖ´ÐÐÎó²î


Microsoft Windows Server Message Block 1.0´¦Öóͷ£Ä³Ð©ÇëÇó±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓóÌÐò±ÀÀ£»ò¿ÉÖ´ÐÐí§Òâ´úÂë¡£

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1301


2. WAGO PFC 200 Web-Based Management´úÂëÖ´ÐÐÎó²î


WAGO PFC 200 Web-Based Management±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-101


3. Advantech WebAccess Node»º³åÇøÒç³öÎó²î


Advantech WebAccess Node±£´æ»º³åÇøÒç³öÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓóÌÐò±ÀÀ£»òÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://www.us-cert.gov/ics/advisories/icsa-20-161-01


4. SAP Solution ManagerδÊÚȨ»á¼ûÎó²î


SAP Solution Manager Problem Context ManagerûÓÐÖ´ÐÐÑéÖ¤Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉδÊÚȨ»á¼û»ò¾ÙÐоܾø·þÎñ¹¥»÷¡£

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775


5. Siemens LOGO!8 BMδÊÚȨ»á¼ûÎó²î


Siemens LOGO!8 BMȱÉÙÉí·ÝÖ¤ÑéÖ¤£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÏò135¶Ë¿ÚÌá½»ÇëÇ󣬿ɶÁÈ¡ºÍÐÞ¸Ä×°±¸ÉèÖò¢´Ó×°±¸ÖлñÈ¡ÏîÄ¿Îļþ¡£

https://cert-portal.siemens.com/productcert/pdf/ssa-817401.pdf



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢Î±ÔìµÄÀÕË÷Èí¼þSTOP DjvuµÄ½âÃÜÆ÷¶ÔÊܺ¦ÕßÎļþ¶þ´Î¼ÓÃÜ


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/


2¡¢Area1Ðû²¼±¨¸æ£¬¶íÂÞ˹ͨ¹ýEximÊðÀí(MTA)ÖÐÎó²î×ÌÈÅÃÀ¹ú´óÑ¡


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://cdn.area1security.com/reports/Area-1-Security-EximReport.pdf


3¡¢Î¢ÈíÐû²¼×î´ó¹æÄ£µÄÖܶþ²¹¶¡³ÌÐò£¬¹²ÐÞ¸´129¸öÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2020-patch-tuesday-largest-ever-with-129-fixes/


4¡¢AdobeÐÞ¸´ÁËFlash PlayerÖеÄÔ¶³Ì´úÂëÖ´ÐÐÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-remote-code-execution-bug-in-flash-player/


5¡¢ÈÎÌìÌÃÈ·ÈÏÆäÁè¼Ý30ÍòÕ˺ű»ÈëÇÖ£¬ÏÖÔÚ¹úÐÐδÊÜÓ°Ïì


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.infosecurity-magazine.com/news/nintendo-breach-now-300000/