中心公告
2024/05/22
【漏洞預警】D-Link DIR-600路由器存在高風險安全漏洞(CVE-2021-40655),請儘速確認並進行修補
【說明】
轉發 國家資安資訊分享與分析中心 NISAC-200-202405-00000171
研究人員發現D-Link DIR-600路由器存在敏感資訊洩漏(Sensitive Information Disclosure)漏洞(CVE-2021-40655),未經身分鑑別之遠端攻擊者可發送偽造之POST請求,並利用此漏洞取得使用者帳號與通行碼。該漏洞已遭駭客利用,請儘速確認並採取對應措施。
情資分享等級: WHITE(情資內容為可公開揭露之資訊)
【影響平台】
D-Link dir-605 B2 2.01MT【建議措施】:
官方已不再支援受影響產品,建議進行汰換。
【參考資料】:
1. https://nvd.nist.gov/vuln/detail/CVE-2021-40655
2. https://www.cvedetails.com/cve/CVE-2021-40655
3. https://github.com/Ilovewomen/D-LINK-DIR-605
2024/05/22
【漏洞預警】Microsoft Windows桌面視窗管理(DWM)核心資料庫與存在高風險安全漏洞(CVE-2024-30051),請儘速確認並進行修補!
【說明】
轉發 國家資安資訊分享與分析中心 NISAC-200-202405-00000070
研究人員發現Microsoft Windows桌面視窗管理(DWM)核心資料庫存在本機提權(Local Privilege Escalation)漏洞(CVE-2024-30051),已取得本機帳號權限之攻擊者可利用此漏洞提升至SYSTEM權限。該漏洞已遭駭客利用,請儘速確認並進行修補。
情資分享等級: WHITE(情資內容為可公開揭露之資訊)
【影響平台】
● Windows 10 for 32-bit Systems● Windows 10 for x64-based Systems
● Windows 10 Version 1607 for 32-bit Systems
● Windows 10 Version 1607 for x64-based Systems
● Windows 10 Version 1809 for 32-bit Systems
● Windows 10 Version 1809 for ARM64-based Systems
● Windows 10 Version 1809 for x64-based Systems
● Windows 10 Version 21H2 for 32-bit Systems
● Windows 10 Version 21H2 for ARM64-based Systems
● Windows 10 Version 21H2 for x64-based Systems
● Windows 10 Version 22H2 for 32-bit Systems
● Windows 10 Version 22H2 for ARM64-based Systems
● Windows 10 Version 22H2 for x64-based Systems
● Windows 11 version 21H2 for ARM64-based Systems
● Windows 11 version 21H2 for x64-based Systems
● Windows 11 Version 22H2 for ARM64-based Systems
● Windows 11 Version 22H2 for x64-based Systems
● Windows 11 Version 23H2 for ARM64-based Systems
● Windows 11 Version 23H2 for x64-based Systems
● Windows Server 2016
● Windows Server 2016 (Server Core installation)
● Windows Server 2019
● Windows Server 2019 (Server Core installation)
● Windows Server 2022
● Windows Server 2022 (Server Core installation)
【建議措施】:
官方已針對漏洞釋出修復更新,請參考官方說明進行更新,網址如下: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051
【參考資料】:
1. https://nvd.nist.gov/vuln/detail/CVE-2024-30051
2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051
3. https://www.tenable.com/blog/microsofts-may-2024-patch-tuesday-addresses-59-cves-cve-2024-30051-cve-2024-30040
4. https://www.ithome.com.tw/news/162875
2024/05/22
【漏洞預警】以Chromium為基礎之瀏覽器存在安全漏洞(CVE-2024-4671),請儘速確認並進行修補
【說明】
轉發 國家資安資訊分享與分析中心 NISAC-200-202405-00000112
研究人員發現Google Chrome、Microsoft Edge及Vivaldi等以Chromium為基礎之瀏覽器存在記憶體釋放後使用(Use After Free)漏洞(CVE-2024-4671),且已遭駭客利用,請儘速確認並進行修補。
情資分享等級: WHITE(情資內容為可公開揭露之資訊)
【影響平台】
● Google Chrome 124.0.6367.201(不含)以下版本● Microsoft Edge(Based on Chromium) 124.0.2478.105(不含)以下版本
● Vivaldi 6.7.3329.31(不含)以下版本
【建議措施】:
一、請更新Google Chrome瀏覽器至124.0.6367.201(含)以上版本
https://support.google.com/chrome/answer/95414?hl=zh-Hant
二、請更新Microsoft Edge瀏覽器至124.0.2478.105(含)以上版本
https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1
三、請更新Vivaldi瀏覽器至6.7.3329.31(含)以上版本 https://help.vivaldi.com/desktop/install-update/update-vivaldi/
【參考資料】:
1. https://nvd.nist.gov/vuln/detail/cve-2024-4671
2. https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
3. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4761
4. https://vivaldi.com/blog/desktop/minor-update-five-6-7/
2024/05/22
【漏洞預警】Microsoft Windows MSHTML平台存在高風險安全漏洞(CVE-2024-30040),請儘速確認並進行修補!
【說明】
轉發 國家資安資訊分享與分析中心 NISAC-200-202405-00000136
研究人員發現Microsoft Windows MSHTML平台存在安全功能繞過(Security Feature Bypass)漏洞(CVE-2024-30040),遠端攻擊者可藉由誘騙使用者下載與開啟惡意檔案,繞過Microsoft 365與Office之物件連結與嵌入(OLE)防護機制,進而利用此漏洞達到遠端執行任意程式碼。該漏洞已遭駭客利用,請儘速確認並進行修補。
情資分享等級: WHITE(情資內容為可公開揭露之資訊)
【影響平台】
● Windows 10 for 32-bit Systems● Windows 10 for x64-based Systems
● Windows 10 Version 1607 for 32-bit Systems
● Windows 10 Version 1607 for x64-based Systems
● Windows 10 Version 1809 for 32-bit Systems
● Windows 10 Version 1809 for ARM64-based Systems
● Windows 10 Version 1809 for x64-based Systems
● Windows 10 Version 21H2 for 32-bit Systems
● Windows 10 Version 21H2 for ARM64-based Systems
● Windows 10 Version 21H2 for x64-based Systems
● Windows 10 Version 22H2 for 32-bit Systems
● Windows 10 Version 22H2 for ARM64-based Systems
● Windows 10 Version 22H2 for x64-based Systems
● Windows 11 version 21H2 for ARM64-based Systems
● Windows 11 version 21H2 for ARM64-based Systems
● Windows 11 version 21H2 for x64-based Systems
● Windows 11 Version 22H2 for ARM64-based Systems
● Windows 11 Version 22H2 for x64-based Systems
● Windows 11 Version 23H2 for ARM64-based Systems
● Windows 11 Version 23H2 for x64-based Systems
● Windows Server 2016
● Windows Server 2016 (Server Core installation)
● Windows Server 2019
● Windows Server 2019 (Server Core installation)
● Windows Server 2022
● Windows Server 2022 (Server Core installation)
● Windows Server 2022, 23H2 Edition (Server Core installation)
【建議措施】:
官方已針對漏洞釋出修復更新,請參考官方說明進行更新,網址如下:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040
【參考資料】:
1 https://nvd.nist.gov/vuln/detail/CVE-2024-30040
2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040
3. https://www.ithome.com.tw/news/162875
2024/01/04
【漏洞預警】WordPress 近日發布更新以解決遠端程式碼執行 (RCE) 安全性弱點,建議請管理者儘速評估更新!
【說明】
轉發 中華資安國際 CHTSECURITY-200-202401-00000001
WordPress 備份遷移外掛程式 (Backup Migration) 其中的檔案存在遠端程式碼執行弱點。遠端攻擊者可能藉由該弱點控制傳遞一個範圍的值,成功規避驗證後,進而可在受影響系統或伺服器執行任意程式碼。
情資分享等級: WHITE(情資內容為可公開揭露之資訊)
【影響平台】
WordPress Backup Migration 1.3.7 (含)之前版本【建議措施】:
請依照 WordPress 官網更新至建議最新版本:WordPress Backup Migration 1.3.8 (含)之後版本。
【參考資料】:
1.TWCERT/CC:https://www.twcert.org.tw/tw/cp-104-7653-0096a-1.html
2.Wordfence: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backup-backup/backup-migration-137-unauthenticated-remote-code-execution
3.BLEEPING COMPUTER: https://www.bleepingcomputer.com/news/security/50k-wordpress-sites-exposed-to-rce-attacks-by-critical-bug-in-backup-plugin/