绿盟科技发布了本周安全通告,周报编号NSFOCUS-17-24,绿盟科技漏洞库本周新增109条,其中高危93条。本次周报建议大家关注 Windows LNK文件远程代码执行漏洞 。微软官方已经在6月份发布的安全补丁中修复了此漏洞,受影响的用户应立即通过Windows自动更新服务来下载更新该安全补丁来防护。对于无法及时更新补丁的主机,建议禁用U盘、网络共享的功能。
焦点漏洞
- NSFOCUS ID 36895
- CVE ID CVE-2017-8464
受影响版本
- Windows 10
- Windows 7
- Windows 8.1
- Windows 8
- Windows Vista
- Windows RT 8.1
- Windows Server 2016
- Windows Server 2012
- Windows Server 2008
漏洞点评
Microsoft Windows在处理恶意的快捷方式(.lnk)文件时存在漏洞,攻击者可以通过可移动驱动器(U盘)或远程共享等方式将包含恶意LNK文件和与之相关的恶意二进制文件传播给用户。当用户通过Windows资源管理器或任何能够解析LNK文件的程序打开恶意的LNK文件时,与之关联的恶意二进制代码将在目标系统上执行。成功利用此漏洞的攻击者可以获得与本地用户相同的用户权限。微软官方已经在6月份发布的安全补丁中修复了此漏洞,受影响的用户应立即通过Windows自动更新服务来下载更新该安全补丁来防护。对于无法及时更新补丁的主机,建议禁用U盘、网络共享的功能。
(数据来源:绿盟科技安全研究部&产品规则组)
互联网安全态势
CVE统计
最近一周CVE公告总数与前期相比数量回升。值得关注的高危漏洞如下:
威胁信息回顾
标题:Sneaky hackers use Intel management tools to bypass Windows firewall
- 时间:2017-06-12
- 摘要:The group, which Microsoft has named PLATINUM, has developed a system for sending files—such as new payloads to run and new versions of their malware—to compromised machines。
- 链接:https://arstechnica.com/security/2017/06/sneaky-hackers-use-intel-management-tools-to-bypass-windows-firewall/
标题: Banking trojan executes when targets hover over link in PowerPoint doc
- 时间:2017-06-12
- 摘要:Criminal hackers have started using a novel malware attack that infects people when their mouse hovers over a link embedded in a malicious PowerPoint file.
- 链接:https://arstechnica.com/security/2017/06/malicious-powerpoint-files-can-infect-targets-when-hovering-over-hyperlinks/
-
- 时间:2017-06-02
- 摘要:The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine. As reported by ESET (link is external) and Dragos (link is external), the CrashOverride malware is an extensible platform that could be used to target critical infrastructure sectors. NCCIC is working with its partners to validate the ESET and Dragos analysis, and develop a better understanding of the risk this new malware poses to the U.S. critical infrastructure.
- 链接:https://www.us-cert.gov/ncas/alerts/TA17-163A
标题: MacRansom:The first Mac ransomware offered as a RaaS Service
- 时间:2017-06-12
- 摘要:Malware researchers at security firm Fortinet have spotted MacRansom, it is the first Mac ransomware offered as a RaaS Service.
- 链接:http://securityaffairs.co/wordpress/59981/malware/macransom-raas.html
标题:彭博社称俄罗斯黑客攻陷美国39个州的选举系统
- 时间:2017-06-13
- 摘要:彭博社的一份新报告显示,美国39个州选举系统在去年美国大选前后被黑,在某些情况下,攻击者甚至可以访问国家级选民问卷数据,损害多达9万名选民的记录。。
- 链接:http://www.youxia.org/2017/06/29925.html
标题:Rare XP Patches Fix Three Remaining Leaked NSA Exploits
- 时间:2017-06-14
- 摘要:Microsoft today released security updates to fix almost a hundred flaws in its various Windows operating systems and related software. One bug is so serious that Microsoft is issuing patches for it on Windows XP and other operating systems the company no longer officially supports. Separately, Adobe has pushed critical updates for its Flash and Shockwave players, two programs most users would probably be better off without.
- 链接:https://krebsonsecurity.com/2017/06/microsoft-adobe-ship-critical-fixes/
标题: U.S. Warns of North Korea’s ‘Hidden Cobra’ Attacks
- 时间:2017-06-14
- 摘要:The United States Computer Emergency Readiness Team (US-CERT) released a technical alert on Tuesday on behalf of the DHS and the FBI to warn organizations of North Korea’s “Hidden Cobra” activities, particularly distributed denial-of-service (DDoS) attacks.
- 链接:http://www.securityweek.com/us-warns-north-koreas-hidden-cobra-attacks
标题: Wikileaks Unveils ‘Cherry Blossom’ — Wireless Hacking System Used by CIA
- 时间:2017-06-15
- 摘要:WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a framework – which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices.
- 链接:http://thehackernews.com/2017/06/cia-wireless-router-hacking-tool.html
标题:Jaff Ransomware Decryption Tool Released – Don’t Pay, Unlock Files for Free
- 时间:2017-06-15
- 摘要:Kaspersky Labs has released an updated version 1.21.2.1 of its free ransomware decryption tool, RakhniDecryptor, which can now also decrypt files locked by the Jaff ransomware..
- 链接:http://thehackernews.com/2017/06/jaff-ransomware-decryption-tool.html
标题:Nigerian BEC Scams Hit 500 Companies in 50 Countries
- 时间:2017-06-15
- 摘要:Nigerian cybercriminals targeting industrial firms have stolen a slew of sensitive technical drawings, network diagrams, cost estimates, and project plans already this year. The data, exfiltrated by a cocktail of different spyware programs, wasn’t stolen from just executives, but also operators, engineers, designers and architects.
- 链接:https://threatpost.com/nigerian-bec-scams-hit-500-companies-in-50-countries/126298/
(数据来源:绿盟科技 威胁情报与网络安全实验室 收集整理)
绿盟科技漏洞研究
绿盟科技漏洞库新增109条
截止到2017年6月16日,绿盟科技漏洞库已收录总条目达到36926条。本周新增漏洞记录109条,其中高危漏洞数量93条,中危漏洞数量11条,低危漏洞数量5条。
- Cisco Email Security/Content Security Management Appliance跨站脚本漏洞(CVE-2017-6661)
- 危险等级:中
- BID:98950
- cve编号:CVE-2017-6661
- Cisco Email Security Appliance附件过滤器绕过漏洞(CVE-2017-6671)
- 危险等级:中
- BID:98969
- cve编号:CVE-2017-6671
- Cisco Elastic Services Controller信息泄露漏洞(CVE-2017-6696)
- 危险等级:低
- BID:98952
- cve编号:CVE-2017-6696
- Cisco Elastic Services Controller未授权目录访问漏洞(CVE-2017-6693)
- 危险等级:低
- cve编号:CVE-2017-6693
- Cisco Elastic Services Controller信息泄露漏洞(CVE-2017-6691)
- 危险等级:低
- cve编号:CVE-2017-6691
- Cisco Elastic Services Controller默认管理员凭证漏洞(CVE-2017-6689)
- 危险等级:中
- cve编号:CVE-2017-6689
- Cisco Elastic Services Controller远程命令执行漏洞(CVE-2017-6682)
- 危险等级:中
- BID:98951
- cve编号:CVE-2017-6682
- Pivotal Spring Web Flow安全功能绕过漏洞(CVE-2017-4971)
- 危险等级:高
- BID:98785
- cve编号:CVE-2017-4971
- Cisco Elastic Services Controller远程命令执行漏洞(CVE-2017-6683)
- 危险等级:中
- cve编号:CVE-2017-6683
- Cisco Elastic Services Controller安全限制绕过漏洞(CVE-2017-6684)
- 危险等级:中
- BID:98979
- cve编号:CVE-2017-6684
- Cisco Elastic Services Controller安全限制绕过漏洞(CVE-2017-6688)
- 危险等级:中
- BID:98973
- cve编号:CVE-2017-6688
- Cisco Elastic Services Controller信息泄露漏洞(CVE-2017-6697)
- 危险等级:低
- BID:98959
- cve编号:CVE-2017-6697
- Apache NiFi跨框架脚本漏洞(CVE-2017-7667)
- 危险等级:中
- cve编号:CVE-2017-7667
- Apache NiFi跨站脚本漏洞(CVE-2017-7665)
- 危险等级:中
- cve编号:CVE-2017-7665
- Google Chrome OS 本地信息泄露漏洞(CVE-2017-5084)
- 危险等级:中
- BID:98986
- cve编号:CVE-2017-5084
- Microsoft Windows Kernel本地权限提升漏洞(CVE-2017-0297)
- 危险等级:高
- BID:98840
- cve编号:CVE-2017-0297
- VMware vSphere Data Protection命令执行漏洞(CVE-2017-4914)
- 危险等级:中
- BID:98939
- cve编号:CVE-2017-4914
- Microsoft Internet Explorer/Edge信息泄露漏洞(CVE-2017-8529)
- 危险等级:高
- BID:98953
- cve编号:CVE-2017-8529
- Microsoft Edge安全限制绕过漏洞(CVE-2017-8555)
- 危险等级:高
- BID:98956
- cve编号:CVE-2017-8555
- Microsoft Edge远程代码漏洞(CVE-2017-8549)
- 危险等级:高
- BID:98955
- cve编号:CVE-2017-8549
- Microsoft Edge远程内存破坏漏洞(CVE-2017-8548)
- 危险等级:高
- BID:98954
- cve编号:CVE-2017-8548
- Microsoft Windows Uniscribe远程代码执行漏洞(CVE-2017-8528)
- 危险等级:高
- BID:98949
- cve编号:CVE-2017-8528
- Microsoft Windows Graphics Component本地信息泄露漏洞(CVE-2017-8553)
- 危险等级:高
- BID:98940
- cve编号:CVE-2017-8553
- Microsoft Windows Graphics Component远程代码执行漏洞(CVE-2017-8527)
- 危险等级:高
- BID:98933
- cve编号:CVE-2017-8527
- Microsoft Internet Explorer远程内存破坏漏洞(CVE-2017-8547)
- 危险等级:高
- BID:98932
- cve编号:CVE-2017-8547
- Microsoft Edge远程内存破坏漏洞(CVE-2017-8523)
- 危险等级:低
- BID:98928
- cve编号:CVE-2017-8523
- Microsoft Windows Graphics Component信息泄露漏洞(CVE-2017-0289)
- 危险等级:高
- BID:98929
- cve编号:CVE-2017-0289
- Microsoft Internet Explorer/Edge远程内存破坏漏洞(CVE-2017-8524)
- 危险等级:高
- BID:98930
- cve编号:CVE-2017-8524
- Microsoft Internet Explorer/Edge远程内存破坏漏洞(CVE-2017-8522)
- 危险等级:高
- BID:98926
- cve编号:CVE-2017-8522
- Microsoft Windows Hyper-V本地权限提升漏洞(CVE-2017-0193)
- 危险等级:高
- BID:98878
- cve编号:CVE-2017-0193
- Microsoft Windows Device Guard 本地安全限制绕过漏洞(CVE-2017-0215)
- 危险等级:高
- BID:98879
- cve编号:CVE-2017-0215
- Microsoft Windows Kernel 信息泄露漏洞(CVE-2017-8474)
- 危险等级:高
- BID:98902
- cve编号:CVE-2017-8474
- Microsoft Windows Kernel 信息泄露漏洞(CVE-2017-0300)
- 危险等级:高
- BID:98901
- cve编号:CVE-2017-0300
- Microsoft Windows Device Guard 本地安全限制绕过漏洞(CVE-2017-0219)
- 危险等级:高
- BID:98898
- cve编号:CVE-2017-0219
- Microsoft Windows 本地安全限制绕过漏洞(CVE-2017-0295)
- 危险等级:高
- BID:98904
- cve编号:CVE-2017-0295
- Microsoft Internet Explorer远程内存破坏漏洞(CVE-2017-8519)
- 危险等级:高
- BID:98999
- cve编号:CVE-2017-8519
- Microsoft SharePoint Server远程权限提升漏洞(CVE-2017-8551)
- 危险等级:高
- BID:98913
- cve编号:CVE-2017-8551
- Microsoft Windows Kernel 信息泄露漏洞(CVE-2017-8462)
- 危险等级:高
- BID:98900
- cve编号:CVE-2017-8462
- Microsoft Windows Kernel 信息泄露漏洞(CVE-2017-8476)
- 危险等级:高
- BID:98903
- cve编号:CVE-2017-8476
- Microsoft Skype for Business/Lync Server 远程代码执行漏洞(CVE-2017-8550)
- 危险等级:高
- BID:98916
- cve编号:CVE-2017-8550
- Microsoft Windows Graphics Component信息泄露漏洞(CVE-2017-0286)
- 危险等级:高
- BID:98891
- cve编号:CVE-2017-0286
- Microsoft Windows PDF信息泄露漏洞(CVE-2017-8460)
- 危险等级:高
- BID:98887
- cve编号:CVE-2017-8460
- Microsoft Windows Graphics Component信息泄露漏洞(CVE-2017-0287)
- 危险等级:高
- BID:98922
- cve编号:CVE-2017-0287
- Microsoft Windows Graphics Component信息泄露漏洞(CVE-2017-0288)
- 危险等级:高
- BID:98923
- cve编号:CVE-2017-0288
- Microsoft Windows Kernel 信息泄露漏洞(CVE-2017-0299)
- 危险等级:高
- BID:98884
- cve编号:CVE-2017-0299
- Microsoft Outlook for Mac欺骗漏洞(CVE-2017-8545)
- 危险等级:高
- BID:98917
- cve编号:CVE-2017-8545
- Microsoft Windows Device Guard 本地安全限制绕过漏洞(CVE-2017-0218)
- 危险等级:高
- BID:98897
- cve编号:CVE-2017-0218
- Microsoft Windows Device Guard 本地安全限制绕过漏洞(CVE-2017-0216)
- 危险等级:高
- BID:98896
- cve编号:CVE-2017-0216
- Microsoft Internet Explorer/Edge远程内存破坏漏洞(CVE-2017-8517)
- 危险等级:高
- BID:98895
- cve编号:CVE-2017-8517
- Microsoft Edge远程内存破坏漏洞(CVE-2017-8496)
- 危险等级:高
- BID:98880
- cve编号:CVE-2017-8496
- Microsoft Edge远程内存破坏漏洞(CVE-2017-8499)
- 危险等级:高
- BID:98883
- cve编号:CVE-2017-8499
- Microsoft Edge远程内存破坏漏洞(CVE-2017-8497)
- 危险等级:高
- BID:98882
- cve编号:CVE-2017-8497
- Microsoft Windows Uniscribe信息泄露漏洞(CVE-2017-0282)
- 危险等级:高
- BID:98885
- cve编号:CVE-2017-0282
- Microsoft Edge远程信息泄露漏洞(CVE-2017-8498)
- 危险等级:高
- BID:98886
- cve编号:CVE-2017-8498
- Microsoft Edge远程信息泄露漏洞(CVE-2017-8504)
- 危险等级:高
- BID:98892
- cve编号:CVE-2017-8504
- Microsoft Windows Uniscribe信息泄露漏洞(CVE-2017-0285)
- 危险等级:高
- BID:98914
- cve编号:CVE-2017-0285
- Microsoft Edge远程内存破坏漏洞(CVE-2017-8521)
- 危险等级:高
- BID:98925
- cve编号:CVE-2017-8521
- Microsoft Windows Uniscribe远程代码执行漏洞(CVE-2017-0283)
- 危险等级:高
- BID:98920
- cve编号:CVE-2017-0283
- Microsoft Windows Uniscribe信息泄露漏洞(CVE-2017-0284)
- 危险等级:高
- BID:98919
- cve编号:CVE-2017-0284
- Microsoft Outlook内存破坏漏洞(CVE-2017-8507)
- 危险等级:高
- BID:98827
- cve编号:CVE-2017-8507
- Microsoft Windows 本地安全限制绕过漏洞(CVE-2017-8493)
- 危险等级:高
- BID:98850
- cve编号:CVE-2017-8493
- Microsoft Office安全限制绕过漏洞(CVE-2017-8508)
- 危险等级:高
- BID:98828
- cve编号:CVE-2017-8508
- Microsoft Edge安全功能绕过漏洞(CVE-2017-8530)
- 危险等级:高
- BID:98863
- cve编号:CVE-2017-8530
- Microsoft Windows Device Guard 本地安全限制绕过漏洞(CVE-2017-0173)
- 危险等级:高
- BID:98873
- cve编号:CVE-2017-0173
- Microsoft SharePoint跨站脚本漏洞(CVE-2017-8514)
- 危险等级:高
- BID:98831
- cve编号:CVE-2017-8514
- Microsoft Windows Uniscribe 信息泄露漏洞(CVE-2017-8534)
- 危险等级:高
- BID:98822
- cve编号:CVE-2017-8534
- Microsoft Windows Kernel 信息泄露漏洞(CVE-2017-8485)
- 危险等级:高
- BID:98860
- cve编号:CVE-2017-8485
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8492)
- 危险等级:高
- BID:98870
- cve编号:CVE-2017-8492
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8489)
- 危险等级:高
- BID:98865
- cve编号:CVE-2017-8489
- Microsoft Windows 远程代码执行漏洞(CVE-2017-0294)
- 危险等级:高
- BID:98837
- cve编号:CVE-2017-0294
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8490)
- 危险等级:高
- BID:98867
- cve编号:CVE-2017-8490
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8491)
- 危险等级:高
- BID:98869
- cve编号:CVE-2017-8491
- Microsoft Office DLL加载远程代码执行漏洞(CVE-2017-8506)
- 危险等级:高
- BID:98811
- cve编号:CVE-2017-8506
- Microsoft Office DLL加载远程代码执行漏洞(CVE-2017-0260)
- 危险等级:高
- BID:98810
- cve编号:CVE-2017-0260
- Microsoft Office远程代码执行漏洞(CVE-2017-8512)
- 危险等级:高
- BID:98816
- cve编号:CVE-2017-8512
- Microsoft Office远程代码执行漏洞(CVE-2017-8511)
- 危险等级:高
- BID:98815
- cve编号:CVE-2017-8511
- Microsoft Office远程代码执行漏洞(CVE-2017-8510)
- 危险等级:高
- BID:98813
- cve编号:CVE-2017-8510
- Microsoft Windows LNK远程代码执行漏洞(CVE-2017-8464)
- 危险等级:高
- BID:98818
- cve编号:CVE-2017-8464
- Microsoft Office远程代码执行漏洞(CVE-2017-8509)
- 危险等级:高
- BID:98812
- cve编号:CVE-2017-8509
- Microsoft Windows Graphics Component信息泄露漏洞(CVE-2017-8531)
- 危险等级:高
- BID:98819
- cve编号:CVE-2017-8531
- Microsoft Windows Graphics Component信息泄露漏洞(CVE-2017-8533)
- 危险等级:高
- BID:98821
- cve编号:CVE-2017-8533
- Microsoft Windows Graphics Component信息泄露漏洞(CVE-2017-8532)
- 危险等级:高
- BID:98820
- cve编号:CVE-2017-8532
- Microsoft Windows Search 信息泄露漏洞(CVE-2017-8544)
- 危险等级:高
- BID:98826
- cve编号:CVE-2017-8544
- Microsoft Windows Search 远程代码执行漏洞(CVE-2017-8543)
- 危险等级:高
- BID:98824
- cve编号:CVE-2017-8543
- Microsoft PowerPoint远程代码执行漏洞(CVE-2017-8513)
- 危险等级:高
- BID:98830
- cve编号:CVE-2017-8513
- Microsoft Windows 拒绝服务漏洞(CVE-2017-8515)
- 危险等级:高
- BID:98833
- cve编号:CVE-2017-8515
- Microsoft Windows PDF远程代码执行漏洞(CVE-2017-0291)
- 危险等级:高
- BID:98835
- cve编号:CVE-2017-0291
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8469)
- 危险等级:高
- BID:98842
- cve编号:CVE-2017-8469
- Microsoft Windows Kernel ‘Win32k.sys’ 本地权限提升漏洞(CVE-2017-8465)
- 危险等级:高
- BID:98843
- cve编号:CVE-2017-8465
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8478)
- 危险等级:高
- BID:98845
- cve编号:CVE-2017-8478
- Microsoft Windows Kernel ‘Win32k.sys’ 本地信息泄露漏洞(CVE-2017-8473)
- 危险等级:高
- BID:98852
- cve编号:CVE-2017-8473
- Microsoft Windows Kernel ‘Win32k.sys’ 本地信息泄露漏洞(CVE-2017-8475)
- 危险等级:高
- BID:98853
- cve编号:CVE-2017-8475
- Microsoft Windows Kernel ‘Win32k.sys’ 本地信息泄露漏洞(CVE-2017-8472)
- 危险等级:高
- BID:98851
- cve编号:CVE-2017-8472
- Microsoft Windows Kernel ‘Win32k.sys’ 本地信息泄露漏洞(CVE-2017-8477)
- 危险等级:高
- BID:98854
- cve编号:CVE-2017-8477
- Microsoft Windows Kernel ‘Win32k.sys’ 本地信息泄露漏洞(CVE-2017-8471)
- 危险等级:高
- BID:98849
- cve编号:CVE-2017-8471
- Microsoft Windows PDF远程代码执行漏洞(CVE-2017-0292)
- 危险等级:高
- BID:98836
- cve编号:CVE-2017-0292
- Microsoft Windows Kernel 信息泄露漏洞(CVE-2017-8482)
- 危险等级:高
- BID:98858
- cve编号:CVE-2017-8482
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8480)
- 危险等级:高
- BID:98857
- cve编号:CVE-2017-8480
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8481)
- 危险等级:高
- BID:98862
- cve编号:CVE-2017-8481
- Microsoft Windows Kernel ‘Win32k.sys’本地信息泄露漏洞(CVE-2017-8470)
- 危险等级:高
- BID:98848
- cve编号:CVE-2017-8470
- Microsoft Windows Kernel ‘Win32k.sys’ 本地信息泄露漏洞(CVE-2017-8484)
- 危险等级:高
- BID:98847
- cve编号:CVE-2017-8484
- Microsoft Windows Kernel ‘Win32k.sys’ 本地权限提升漏洞(CVE-2017-8468)
- 危险等级:高
- BID:98846
- cve编号:CVE-2017-8468
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8483)
- 危险等级:高
- BID:98859
- cve编号:CVE-2017-8483
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8479)
- 危险等级:高
- BID:98856
- cve编号:CVE-2017-8479
- Microsoft Windows Kernel 本地信息泄露漏洞(CVE-2017-8488)
- 危险等级:高
- BID:98864
- cve编号:CVE-2017-8488
- Microsoft Windows Cursor 本地权限提升漏洞(CVE-2017-8466)
- 危险等级:高
- BID:98844
- cve编号:CVE-2017-8466
- Microsoft Windows 本地权限提升漏洞(CVE-2017-8494)
- 危险等级:高
- BID:98855
- cve编号:CVE-2017-8494
- Microsoft Windows COM本地权限提升漏洞(CVE-2017-0298)
- 危险等级:高
- BID:98841
- cve编号:CVE-2017-0298
- Microsoft Windows TDX本地权限提升漏洞(CVE-2017-0296)
- 危险等级:高
- BID:98839
- cve编号:CVE-2017-0296
(数据来源:绿盟科技安全研究部&产品规则组)
原文发布时间:2017年6月21日
本文由:绿盟科技发布,版权归属于原作者
原文链接:http://toutiao.secjia.com/nsfocus-internet-security-threats-weekly-201724#
本文来自云栖社区合作伙伴安全加,了解相关信息可以关注安全加网站
