中心公告
HP上百款印表機爆遠端執行程式碼嚴重漏洞,用戶應儘速更新韌體
新聞來源:iThome
摘要:
名為CVE-2018-5924、CVE-2018-5925的漏洞,存在於HP多款噴墨印表機的韌體中,將可能引發遠端執行程式碼攻擊,多達155款產品受到影響,幾乎遍及HP旗下噴墨系列印表機,HP現已提供韌體更新。
詳情請參閱下方參考連結!
發佈日期:2018-08-13
參考位址:https://www.ithome.com.tw/news/125152
影響平台:
Microsoft Edge和Internet Explorer:
● Windows上安裝的Microsoft Edge(所有版本)
● Windows上安裝的Internet Explorer 9,Internet Explorer 10和Internet Explorer 11(所有版本)
微軟辦公軟件:
● 適用於32位版本的Microsoft Excel 2016即點即用(C2R)
● Microsoft Excel 2016即點即用(C2R)適用於64位版本
● Microsoft Excel 2010 Service Pack 2(32位版本)
● Microsoft Excel 2010 Service Pack 2(64位版本)
● Microsoft Excel 2013 RT Service Pack 1
● Microsoft Excel 2013 Service Pack 1(32位版本)
● Microsoft Excel 2013 Service Pack 1(64位版本)
● Microsoft Excel 2016(32位版)
● Microsoft Excel 2016(64位版)
● Microsoft Excel Viewer 2007 Service Pack 3
● 適用於32位版本的Microsoft Office 2016即點即用(C2R)
● 適用於64位版本的Microsoft Office 2016即點即用(C2R)
● 適用於Mac的Microsoft Office 2016
● Microsoft Office兼容包Service Pack 3
● Microsoft Office Web Apps 2010 Service Pack 2
● Microsoft Office Web Apps 2013 Service Pack 1
● Microsoft Office Word Viewer
● Microsoft Outlook 2013 Service Pack 1(32位版本)
● Microsoft Outlook 2013 Service Pack 1(64位版本)
● Microsoft Outlook 2016(32位版)
● Microsoft Outlook 2016(64位版)
● 適用於32位版本的Microsoft Outlook 2016即點即用(C2R)
● 適用於64位版本的Microsoft Outlook 2016即點即用(C2R)
● Microsoft PowerPoint 2010 Service Pack 2(32位版本)
● Microsoft PowerPoint 2010 Service Pack 2(64位版本)
● Microsoft SharePoint Enterprise Server 2013 Service Pack 1
● Microsoft SharePoint Enterprise Server 2016
● Word自動化服務
微軟Windows:
● Microsoft .NET Framework(所有版本)
● Microsoft Visual Studio 2015 Update 3
● Microsoft Visual Studio 2017
● Microsoft Visual Studio 2017版本15.8
● Microsoft Exchange Server 2010 Service Pack 3更新匯總23
● Microsoft Exchange Server 2013累積更新20
● Microsoft Exchange Server 2013累積更新21
● Microsoft Exchange Server 2016累積更新10
● Microsoft Exchange Server 2016累積更新9
● Microsoft SQL Server 2016(用於基於x64的系統)Service Pack 1
● Microsoft SQL Server 2016(用於基於x64的系統)Service Pack 1(CU)
● Microsoft SQL Server 2016(用於基於x64的系統)Service Pack 2
● Microsoft SQL Server 2016(用於基於x64的系統)Service Pack 2(CU)
● 用於基於x64的系統的Microsoft SQL Server 2017
● 用於基於x64的系統的Microsoft SQL Server 2017(CU)
● 適用於32位系統的Windows 10
● Windows 10 for x64-based Systems
● 用於32位系統的Windows 10版本1607
● 適用於基於x64的系統的Windows 10版本1607
● 適用於32位系統的Windows 10版本1703
● 適用於基於x64的系統的Windows 10版本1703
● 適用於32位系統的Windows 10版本1709
● 適用於基於x64的系統的Windows 10版本1709
● 用於32位系統的Windows 10版本1803
● 適用於基於x64的系統的Windows 10版本1803
● Windows 7 for 32位系統Service Pack 1
● Windows 7(用於基於x64的系統)Service Pack 1
● 適用於32位系統的Windows 8.1
● Windows 8.1 for x64系統
● Windows RT 8.1
● Windows Server 2008 for 32位系統Service Pack 2
● Windows Server 2008(用於32位系統)Service Pack 2(服務器核心安裝)
● Windows Server 2008(用於基於Itanium的系統)Service Pack 2
● Windows Server 2008(用於基於x64的系統)Service Pack 2
● Windows Server 2008(用於基於x64的系統)Service Pack 2(服務器核心安裝)
● Windows Server 2008 R2(用於基於Itanium的系統)Service Pack 1
● Windows Server 2008 R2(用於基於x64的系統)Service Pack 1
● Windows Server 2008 R2(用於基於x64的系統)Service Pack 1(服務器核心安裝)
● Windows Server 2012
● Windows Server 2012(服務器核心安裝)
● Windows Server 2012 R2
● Windows Server 2012 R2(服務器核心安裝)
● Windows Server 2016
● Windows Server 2016(服務器核心安裝)
● Windows Server,版本1709(服務器核心安裝)
● Windows Server,版本1803(服務器核心安裝)
● Adobe Flash Player
● ChakraCore
Microsoft發布08月份安全性公告,Microsoft軟件存在弱點,遠端攻擊者可利用弱點控制受影響的系統。
目前已知多個軟體版本受到影響,HiNet SOC建議請管理者/使用者儘速更新,以降低受駭風險。
詳細資訊請參考微軟官方網站
IBM:10款惡意程式暗藏木馬,成功潛入Google Play
新聞來源:iThome
摘要:
IBM資安團隊X-Force從6月起,在Google Play商店接連發現了至少10款惡意應用程式,這些惡意軟體都以阿奴比斯銀行木馬(BankBot Anubis)感染使用者的裝置,藉由偷取使用者的銀行帳密,進行金融詐欺犯罪。研究團隊提到,雖然10隻惡意程式數量不多,但在每隻惡意軟體的C&C伺服器(Command-and-Control)都可以採集到超過一千個樣本,影響總範圍並不小。
詳情請參閱下方參考連結!
發佈日期:2018-07-13
參考位址:https://www.ithome.com.tw/news/124559
影響平台:
Microsoft Edge和Internet Explorer:
● Windows上安裝的Microsoft Edge(所有版本)
● Windows上安裝的Internet Explorer 9,Internet Explorer 10和Internet Explorer 11(所有版本)
微軟辦公軟件:
● Microsoft Access 2013 Service Pack 1(32位版本)
● Microsoft Access 2013 Service Pack 1(64位版本)
● Microsoft Access 2016(32位版)
● Microsoft Access 2016(64位版)
● Microsoft Excel Viewer
● Microsoft Lync 2013 Service Pack 1(32位)
● Microsoft Lync 2013 Service Pack 1(64位)
● Microsoft Office 2010 Service Pack 2(32位版本)
● Microsoft Office 2010 Service Pack 2(64位版本)
● Microsoft Office 2013 RT Service Pack 1
● Microsoft Office 2013 Service Pack 1(32位版本)
● Microsoft Office 2013 Service Pack 1(64位版本)
● Microsoft Office 2016(32位版)
● Microsoft Office 2016(64位版)
● 適用於32位版本的Microsoft Office 2016即點即用(C2R)
● 適用於64位版本的Microsoft Office 2016即點即用(C2R)
● 適用於Mac的Microsoft Office 2016
● Microsoft Office兼容包Service Pack 3
● Microsoft Office Word Viewer
● Microsoft PowerPoint Viewer
● Microsoft SharePoint Enterprise Server 2013 Service Pack 1
● Microsoft SharePoint Enterprise Server 2016
● Microsoft SharePoint Foundation 2013 Service Pack 1
● Microsoft Word 2010 Service Pack 2(32位版本)
● Microsoft Word 2010 Service Pack 2(64位版本)
● Microsoft Word 2013 RT Service Pack 1
● Microsoft Word 2013 Service Pack 1(32位版本)
● Microsoft Word 2013 Service Pack 1(64位版本)
● Microsoft Word 2016(32位版)
● Microsoft Word 2016(64位版)
● Skype for Business 2016(32位)
● Skype for Business 2016(64位)
● 適用於32位系統的Windows 10
● Windows 10 for x64-based Systems
● 用於32位系統的Windows 10版本1607
● 適用於基於x64的Windows 10版本1607
● 適用於32位系統的Windows 10版本1703
● 適用於基於x64的系統的Windows 10版本1703
● 適用於32位系統的Windows 10版本1709
● 適用於基於x64的系統的Windows 10版本1709
● 用於32位系統的Windows 10版本1803
● 適用於基於x64的系統的Windows 10版本1803
● Windows 7 for 32位系統Service Pack 1
● Windows 7(用於基於x64的系統)Service Pack 1
● 適用於32位系統的Windows 8.1
● Windows 8.1 for x64系統
● Windows RT 8.1
● Windows Server 2008 for 32位系統Service Pack 2
● Windows Server 2008(用於32位系統)Service Pack 2(服務器核心安裝)
● Windows Server 2008(用於基於Itanium的系統)Service Pack 2
● Windows Server 2008(用於基於x64的系統)Service Pack 2
● Windows Server 2008(用於基於x64的系統)Service Pack 2(服務器核心安裝)
● Windows Server 2008 R2(用於基於Itanium的系統)Service Pack 1
● Windows Server 2008 R2(用於基於x64的系統)Service Pack 1
● Windows Server 2012
● Windows Server 2012(服務器核心安裝)
● Windows Server 2012 R2
● Windows Server 2012 R2(服務器核心安裝)
● Windows Server 2016
● Windows Server 2016(服務器核心安裝)
● Windows Server,版本1709(服務器核心安裝)
● Windows Server,版本1803(服務器核心安裝)
微軟Windows:
● .NET Framework 4.7.2開發人員包
● Microsoft .NET Framework(所有版本)
● Microsoft Research JavaScript加密庫
● Microsoft Visual Studio 2010 Service Pack 1
● Microsoft Visual Studio 2012 Update 5
● Microsoft Visual Studio 2013 Update 5
● Microsoft Visual Studio 2015 Update 3
● Microsoft Visual Studio 2017
● Microsoft Visual Studio 2017版本15.7.5
● Microsoft Visual Studio 2017版本15.8預覽
● Microsoft無線顯示適配器V2軟件版本2.0.8350
● Microsoft無線顯示適配器V2軟件版本2.0.8365
● Microsoft無線顯示適配器V2軟件版本2.0.8372
● PowerShell編輯器服務
● Visual Studio代碼的PowerShell擴展
● Active Directory聯合身份驗證服務的Web自定義
● Adobe Flash Player
● ChakraCore
Microsoft發布07月份安全性公告,Microsoft軟件存在弱點,遠端攻擊者可利用弱點控制受影響的系統。
目前已知多個軟體版本受到影響,HiNet SOC建議請管理者/使用者儘速更新,以降低受駭風險。
詳細資訊請參考微軟官方網站
影響平台:
Microsoft Edge and Internet Explorer:
● Microsoft Edge installed on Windows (all editions)
● Internet Explorer 10, and Internet Explorer 11 installed on Windows (all editions)
Microsoft Office:
● Excel Services
● Microsoft Excel 2010 Service Pack 2 (32-bit editions)
● Microsoft Excel 2010 Service Pack 2 (64-bit editions)
● Microsoft Excel 2013 RT Service Pack 1
● Microsoft Excel 2013 Service Pack 1 (32-bit editions)
● Microsoft Excel 2013 Service Pack 1 (64-bit editions)
● Microsoft Excel 2016 (32-bit edition)
● Microsoft Excel 2016 (64-bit edition)
● Microsoft Excel Viewer
● Microsoft Office 2010 Service Pack 2 (32-bit editions)
● Microsoft Office 2010 Service Pack 2 (64-bit editions)
● Microsoft Office 2013 RT Service Pack 1
● Microsoft Office 2013 Service Pack 1 (32-bit editions)
● Microsoft Office 2013 Service Pack 1 (64-bit editions)
● Microsoft Office 2016 (32-bit edition)
● Microsoft Office 2016 (64-bit edition)
● Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
● Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
● Microsoft Office Compatibility Pack Service Pack 3
● Microsoft Office Web Apps Server 2010 Service Pack 2
● Microsoft Office Web Apps Server 2013 Service Pack 1
● Microsoft Office Online Server 2016
● Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
● Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
● Microsoft Outlook 2013 RT Service Pack 1
● Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
● Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
● Microsoft Outlook 2016 (32-bit edition)
● Microsoft Outlook 2016 (64-bit edition)
● Microsoft Project Server 2010 Service Pack 2
● Microsoft Publisher 2010 Service Pack 2 (32-bit editions)
● Microsoft Publisher 2010 Service Pack 2 (64-bit editions)
● Microsoft SharePoint Enterprise Server 2016
● Microsoft SharePoint Foundation 2013 Service Pack 1
● Word Automation Services
Microsoft Windows:
● Windows 10 for 32-bit Systems
● Windows 10 for x64-based Systems
● Windows 10 Version 1607 for 32-bit Systems
● Windows 10 Version 1607 for x64-based Systems
● Windows 10 Version 1703 for 32-bit Systems
● Windows 10 Version 1703 for x64-based Systems
● Windows 10 Version 1709 for 32-bit Systems
● Windows 10 Version 1709 for x64-based Systems
● Windows 10 Version 1803 for 32-bit Systems
● Windows 10 Version 1803 for x64-based Systems
● Windows 7 for 32-bit Systems Service Pack 1
● Windows 7 for x64-based Systems Service Pack 1
● Windows 8.1 for 32-bit systems
● Windows 8.1 for x64-based systems
● Windows RT 8.1
● Windows Server 2008 for 32-bit Systems Service Pack 2
● Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 for Itanium-Based Systems Service Pack 2
● Windows Server 2008 for x64-based Systems Service Pack 2
● Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
● Windows Server 2008 R2 for x64-based Systems Service Pack 1
● Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
● Windows Server 2012
● Windows Server 2012 (Server Core installation)
● Windows Server 2012 R2
● Windows Server 2012 R2 (Server Core installation)
● Windows Server 2016
● Windows Server 2016 (Server Core installation)
● Windows Server, version 1709 (Server Core Installation)
● Windows Server, version 1803 (Server Core Installation)
● Adobe Flash Player
● ChakraCore
Microsoft 發佈06月份安全性公告,Microsoft 軟體存在弱點,遠端攻擊者可利用弱點控制受影響的系統。
目前已知多個軟體版本受到影響,HiNet SOC 建議請管理者/使用者儘速更新,以降低受駭風險。
詳細資訊請參考微軟官方網站