Center Announcements
Affected platforms:
Microsoft Edge and Internet Explorer:
● Microsoft Edge installed on Windows (all editions)
● Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 installed on Windows (all editions)
Microsoft Office:
● Microsoft Access 2013 Service Pack 1 (32-bit editions)
● Microsoft Access 2013 Service Pack 1 (64-bit editions)
● Microsoft Access 2016 (32-bit edition)
● Microsoft Access 2016 (64-bit edition)
● Microsoft Excel Viewer
● Microsoft Lync 2013 Service Pack 1 (32-bit)
● Microsoft Lync 2013 Service Pack 1 (64-bit)
● Microsoft Office 2010 Service Pack 2 (32-bit editions)
● Microsoft Office 2010 Service Pack 2 (64-bit editions)
● Microsoft Office 2013 RT Service Pack 1
● Microsoft Office 2013 Service Pack 1 (32-bit editions)
● Microsoft Office 2013 Service Pack 1 (64-bit editions)
● Microsoft Office 2016 (32-bit edition)
● Microsoft Office 2016 (64-bit edition)
● Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
● Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
● Microsoft Office 2016 for Mac
● Microsoft Office Compatibility Pack Service Pack 3
● Microsoft Office Word Viewer
● Microsoft PowerPoint Viewer
● Microsoft SharePoint Enterprise Server 2013 Service Pack 1
● Microsoft SharePoint Enterprise Server 2016
● Microsoft SharePoint Foundation 2013 Service Pack 1
● Microsoft Word 2010 Service Pack 2 (32-bit editions)
● Microsoft Word 2010 Service Pack 2 (64-bit editions)
● Microsoft Word 2013 RT Service Pack 1
● Microsoft Word 2013 Service Pack 1 (32-bit editions)
● Microsoft Word 2013 Service Pack 1 (64-bit editions)
● Microsoft Word 2016 (32-bit edition)
● Microsoft Word 2016 (64-bit edition)
● Skype for Business 2016 (32-bit)
● Skype for Business 2016 (64-bit)
● Windows 10 for 32-bit Systems
● Windows 10 for x64-based Systems
● Windows 10 Version 1607 for 32-bit Systems
● Windows 10 Version 1607 for x64-based Systems
● Windows 10 Version 1703 for 32-bit Systems
● Windows 10 Version 1703 for x64-based Systems
● Windows 10 Version 1709 for 32-bit Systems
● Windows 10 Version 1709 for x64-based Systems
● Windows 10 Version 1803 for 32-bit Systems
● Windows 10 Version 1803 for x64-based Systems
● Windows 7 for 32-bit Systems Service Pack 1
● Windows 7 for x64-based Systems Service Pack 1
● Windows 8.1 for 32-bit systems
● Windows 8.1 for x64-based systems
● Windows RT 8.1
● Windows Server 2008 for 32-bit Systems Service Pack 2
● Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 for Itanium-Based Systems Service Pack 2
● Windows Server 2008 for x64-based Systems Service Pack 2
● Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
● Windows Server 2008 R2 for x64-based Systems Service Pack 1
● Windows Server 2012
● Windows Server 2012 (Server Core installation)
● Windows Server 2012 R2
● Windows Server 2012 R2 (Server Core installation)
● Windows Server 2016
● Windows Server 2016 (Server Core installation)
● Windows Server, version 1709 (Server Core Installation)
● Windows Server, version 1803 (Server Core Installation)
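Microsoft Windows:
● .NET Framework 4.7.2 Developer Pack
● Microsoft .NET Framework (all editions)
● Microsoft Research JavaScript Cryptography Library
● Microsoft Visual Studio 2010 Service Pack 1
● Microsoft Visual Studio 2012 Update 5
● Microsoft Visual Studio 2013 Update 5
● Microsoft Visual Studio 2015 Update 3
● Microsoft Visual Studio 2017
● Microsoft Visual Studio 2017 Version 15.7.5
● Microsoft Visual Studio 2017 Version 15.8 Preview
● Microsoft Wireless Display Adapter V2 Software Version 2.0.8350
● Microsoft Wireless Display Adapter V2 Software Version 2.0.8365
● Microsoft Wireless Display Adapter V2 Software Version 2.0.8372
● PowerShell Editor Services
● PowerShell Extension for Visual Studio Code
● Web Customizations for Active Directory Federation Services
● Adobe Flash Player
● ChakraCore
Microsoft has released its July security bulletin. Vulnerabilities exist in Microsoft software that a remote attacker can exploit to take control of affected systems.
Multiple software versions are currently known to be affected. HiNet SOC recommends that administrators and users update as soon as possible to reduce the risk of compromise.
For details, see the official Microsoft website.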
Affected platforms:
Microsoft Edge and Internet Explorer:
● Microsoft Edge installed on Windows (all editions)
● Internet Explorer 10, and Internet Explorer 11 installed on Windows (all editions)
Microsoft Office:
● Excel Services
● Microsoft Excel 2010 Service Pack 2 (32-bit editions)
● Microsoft Excel 2010 Service Pack 2 (64-bit editions)
● Microsoft Excel 2013 RT Service Pack 1
● Microsoft Excel 2013 Service Pack 1 (32-bit editions)
● Microsoft Excel 2013 Service Pack 1 (64-bit editions)
● Microsoft Excel 2016 (32-bit edition)
● Microsoft Excel 2016 (64-bit edition)
● Microsoft Excel Viewer
● Microsoft Office 2010 Service Pack 2 (32-bit editions)
● Microsoft Office 2010 Service Pack 2 (64-bit editions)
● Microsoft Office 2013 RT Service Pack 1
● Microsoft Office 2013 Service Pack 1 (32-bit editions)
● Microsoft Office 2013 Service Pack 1 (64-bit editions)
● Microsoft Office 2016 (32-bit edition)
● Microsoft Office 2016 (64-bit edition)
● Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
● Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
● Microsoft Office Compatibility Pack Service Pack 3
● Microsoft Office Web Apps Server 2010 Service Pack 2
● Microsoft Office Web Apps Server 2013 Service Pack 1
● Microsoft Office Online Server 2016
● Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
● Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
● Microsoft Outlook 2013 RT Service Pack 1
● Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
● Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
● Microsoft Outlook 2016 (32-bit edition)
● Microsoft Outlook 2016 (64-bit edition)
● Microsoft Project Server 2010 Service Pack 2
● Microsoft Publisher 2010 Service Pack 2 (32-bit editions)
● Microsoft Publisher 2010 Service Pack 2 (64-bit editions)
● Microsoft SharePoint Enterprise Server 2016
● Microsoft SharePoint Foundation 2013 Service Pack 1
● Word Automation Services
Microsoft Windows:
● Windows 10 for 32-bit Systems
● Windows 10 for x64-based Systems
● Windows 10 Version 1607 for 32-bit Systems
● Windows 10 Version 1607 for x64-based Systems
● Windows 10 Version 1703 for 32-bit Systems
● Windows 10 Version 1703 for x64-based Systems
● Windows 10 Version 1709 for 32-bit Systems
● Windows 10 Version 1709 for x64-based Systems
● Windows 10 Version 1803 for 32-bit Systems
● Windows 10 Version 1803 for x64-based Systems
● Windows 7 for 32-bit Systems Service Pack 1
● Windows 7 for x64-based Systems Service Pack 1
● Windows 8.1 for 32-bit systems
● Windows 8.1 for x64-based systems
● Windows RT 8.1
● Windows Server 2008 for 32-bit Systems Service Pack 2
● Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 for Itanium-Based Systems Service Pack 2
● Windows Server 2008 for x64-based Systems Service Pack 2
● Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
● Windows Server 2008 R2 for x64-based Systems Service Pack 1
● Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
● Windows Server 2012
● Windows Server 2012 (Server Core installation)
● Windows Server 2012 R2
● Windows Server 2012 R2 (Server Core installation)
● Windows Server 2016
● Windows Server 2016 (Server Core installation)
● Windows Server, version 1709 (Server Core Installation)
● Windows Server, version 1803 (Server Core Installation)
● Adobe Flash Player
● ChakraCore
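Microsoft has released its June security bulletin. Vulnerabilities exist in Microsoft software that a remote attacker can exploit to take control of affected systems.
Multiple software versions are currently known to be affected. HiNet SOC recommends that administrators and users update as soon as possible to reduce the risk of compromise.
For details, see the official Microsoft website.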
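[Vulnerability alert] Multiple DrayTek router models contain a zero-day vulnerability that allows attackers to tamper with DNS addresses and DHCP settings. Verify your devices and update as soon as possible!
[Description:]
Forwarded from the National Center for Cyber Security Technology (NCCST), National Information and Communication Security Taskforce, Executive Yuan: security alert NCCST-ANA-201805-0040
Researchers found that multiple DrayTek router models contain a zero-day vulnerability that allows an attacker to intercept an administrator's session and then use the remote management feature to tamper with the router's DNS and DHCP settings. On the victim devices known so far, the DNS server address is set to 38.134.121.95, which lets the attacker redirect the websites a victim visits to malicious sites or steal the credentials in use.
[Affected platforms:]
● Vigor2120: versions before 3.8.8.2 (exclusive)
● Vigor2133: versions before 3.8.8.2 (exclusive)
● Vigor2760D: versions before 3.8.8.2 (exclusive)
● Vigor2762: versions before 3.8.8.2 (exclusive)
● Vigor2832: versions before 3.8.8.2 (exclusive)
● Vigor2860: versions before 3.8.8 (exclusive)
● Vigor2862: versions before 3.8.8.2 (exclusive)
● Vigor2862B: versions before 3.8.8.2 (exclusive)
● Vigor2912: versions before 3.8.8.2 (exclusive)
● Vigor2925: versions before 3.8.8.2 (exclusive)
● Vigor2926: versions before 3.8.8.2 (exclusive)
● Vigor2952: versions before 3.8.8.2 (exclusive)
● Vigor3200: versions before 3.8.8.2 (exclusive)
● Vigor3220: versions before 3.8.8.2 (exclusive)
● VigorBX2000: versions before 3.8.1.9 (exclusive)
● Vigor2830nv2: versions before 3.8.8.2 (exclusive)
● Vigor2830: versions before 3.8.8.2 (exclusive)
● Vigor2850: versions before 3.8.8.2 (exclusive)
● Vigor2920: versions before 3.8.8.2 (exclusive)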
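[Recommended actions:]
1. Update the firmware as follows:
(1) Download the firmware upgrade utility from the official website:
https://www.draytek.com/zh/download/software/firmware-upgrade-utility/
(2) Go to the following link and download the firmware file for your device model:
http://www.draytek.com.tw/ftp/
(3) Open the upgrade utility, enter the device IP and the path to the firmware file, then click "Send" to run the update.
2. Disable the remote management feature as instructed on the official website; if remote access is needed, use a VPN instead. Instructions:
https://www.draytek.com/zh/about/news/2018/notification-of-urgent-security-updates-to-draytek-routers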
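The checks implied by the advisory, applied to a device inventory, as an added example that is not part of the original advisory: it compares each router's firmware with the fixed versions listed under affected platforms and flags the DNS address the advisory reports. The record fields (`model`, `firmware`, `dns`, `remote_mgmt`), the handling of firmware suffixes and the sample records are assumptions constructed for illustration.

```python
import re

# First fixed firmware per model, from the affected-platform list above
# ("versions before X (exclusive)" means X itself is not affected).
FIXED = {m.lower(): "3.8.8.2" for m in (
    "Vigor2120 Vigor2133 Vigor2760D Vigor2762 Vigor2832 Vigor2862 Vigor2862B "
    "Vigor2912 Vigor2925 Vigor2926 Vigor2952 Vigor3200 Vigor3220 "
    "Vigor2830nv2 Vigor2830 Vigor2850 Vigor2920").split()}
FIXED.update({"vigor2860": "3.8.8", "vigorbx2000": "3.8.1.9"})
ROGUE_DNS = "38.134.121.95"  # DNS address the advisory reports on victim devices


def parse_version(text):
    """Leading dotted-numeric part as a 4-tuple: '3.8.8' -> (3, 8, 8, 0).
    Assumption: any suffix after the digits (e.g. '_BT') can be ignored."""
    m = re.match(r"\s*v?(\d+(?:\.\d+){0,3})", text, re.I)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def audit(device):
    """Return the list of findings for one inventory record (a dict)."""
    findings = []
    fixed = FIXED.get(device["model"].lower())  # None: model not in the advisory
    if fixed and parse_version(device["firmware"]) < parse_version(fixed):
        findings.append(f"firmware older than {fixed}: update")
    if ROGUE_DNS in device.get("dns", []):
        findings.append(f"DNS server is {ROGUE_DNS}: settings were tampered with")
    if device.get("remote_mgmt"):
        findings.append("remote management enabled: disable it or use VPN")
    return findings


INVENTORY = [  # constructed sample records, not real devices
    {"model": "Vigor2860", "firmware": "3.8.8", "dns": ["192.0.2.53"], "remote_mgmt": False},
    {"model": "Vigor2925", "firmware": "3.8.8", "dns": ["38.134.121.95"], "remote_mgmt": True},
    {"model": "VigorBX2000", "firmware": "3.8.1.9_BT", "dns": [], "remote_mgmt": False},
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(d["model"], d["firmware"], audit(d) or "ok")
```

The same firmware string `3.8.8` is clean on a Vigor2860 and outdated on a Vigor2925, because the list above gives the two models different fixed versions.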
[References:]
1. https://www.draytek.com/zh/about/news/2018/notification-of-urgent-security-updates-to-draytek-routers
2. https://www.draytek.com/en/about/news/2018/notification-of-urgent-security-updates-to-draytek-routers
3. https://www.ithome.com.tw/news/123293
4. https://www.securityweek.com/attackers-change-dns-settings-draytek-routers
For details, see the reference link below!
Published: 2018-05-25
Reference: https://www.draytek.com/zh/about/news/2018/notification-of-urgent-security-updates-to-draytek-routers
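Trend Micro: malware uses Facebook Messenger to infect Chrome users, aiming squarely at cryptocurrency
News source: iThome
Summary:
This week Trend Micro disclosed FacexWorm, a malware that spreads through Facebook Messenger and mainly infects users of the Chrome browser. It targets the recently popular cryptocurrencies, and its capabilities include stealing users' cryptocurrency credentials, running cryptocurrency scams, luring users to web pages implanted with mining code, and hijacking cryptocurrency transactions, making it a very full-featured threat.
For details, see the reference link below!
Published: 2018-05-01
Reference: https://www.ithome.com.tw/news/122796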
Affected platforms:
Microsoft Edge and Internet Explorer:
● Microsoft Edge installed on Windows (all editions)
● Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 installed on Windows (all editions)
Microsoft Office:
● Microsoft Excel 2010 Service Pack 2 (32-bit editions)
● Microsoft Excel 2010 Service Pack 2 (64-bit editions)
● Microsoft Excel 2013 RT Service Pack 1
● Microsoft Excel 2013 Service Pack 1 (32-bit editions)
● Microsoft Excel 2013 Service Pack 1 (64-bit editions)
● Microsoft Excel 2016 (32-bit edition)
● Microsoft Excel 2016 (64-bit edition)
● Microsoft Infopath 2013 Service Pack 1 (32-bit edition)
● Microsoft Infopath 2013 Service Pack 1 (64-bit edition)
● Microsoft Office 2010 Service Pack 2 (32-bit editions)
● Microsoft Office 2010 Service Pack 2 (64-bit editions)
● Microsoft Office 2013 RT Service Pack 1
● Microsoft Office 2013 Service Pack 1 (32-bit editions)
● Microsoft Office 2013 Service Pack 1 (64-bit editions)
● Microsoft Office 2016 (32-bit edition)
● Microsoft Office 2016 (64-bit edition)
● Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
● Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
● Microsoft Office Compatibility Pack Service Pack 3
● Microsoft Office Web Apps 2010 Service Pack 2
● Microsoft Office Web Apps Server 2013 Service Pack 1
● Microsoft Project Server 2010 Service Pack 2
● Microsoft Project Server 2013 Service Pack 1
● Microsoft SharePoint Enterprise Server 2016
● Microsoft SharePoint Enterprise Server 2013 Service Pack 1
● Microsoft SharePoint Server 2010 Service Pack 2
● Microsoft Word 2010 Service Pack 2 (32-bit editions)
● Microsoft Word 2010 Service Pack 2 (64-bit editions)
● Microsoft Word 2013 RT Service Pack 1
● Microsoft Word 2013 Service Pack 1 (32-bit editions)
● Microsoft Word 2013 Service Pack 1 (64-bit editions)
● Microsoft Word 2016 (32-bit edition)
● Microsoft Word 2016 (64-bit edition)
● Word Automation Services
Microsoft Windows:
● Microsoft .NET Framework (all editions)
● Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21
● Microsoft Exchange Server 2013 Cumulative Update 19
● Microsoft Exchange Server 2013 Cumulative Update 20
● Microsoft Exchange Server 2013 Service Pack 1
● Microsoft Exchange Server 2016 Cumulative Update 8
● Microsoft Exchange Server 2016 Cumulative Update 9
● Windows 10 for 32-bit Systems
● Windows 10 for x64-based Systems
● Windows 10 Version 1607 for 32-bit Systems
● Windows 10 Version 1607 for x64-based Systems
● Windows 10 Version 1703 for 32-bit Systems
● Windows 10 Version 1703 for x64-based Systems
● Windows 10 Version 1709 for 32-bit Systems
● Windows 10 Version 1709 for x64-based Systems
● Windows 10 Version 1803 for 32-bit Systems
● Windows 10 Version 1803 for x64-based Systems
● Windows 7 for 32-bit Systems Service Pack 1
● Windows 7 for x64-based Systems Service Pack 1
● Windows 8.1 for 32-bit systems
● Windows 8.1 for x64-based systems
● Windows RT 8.1
● Windows Server 2008 for 32-bit Systems Service Pack 2
● Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 for Itanium-Based Systems Service Pack 2
● Windows Server 2008 for x64-based Systems Service Pack 2
● Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
● Windows Server 2008 R2 for x64-based Systems Service Pack 1
● Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
● Windows Server 2012
● Windows Server 2012 (Server Core installation)
● Windows Server 2012 R2
● Windows Server 2012 R2 (Server Core installation)
● Windows Server 2016
● Windows Server 2016 (Server Core installation)
● Windows Server, version 1709 (Server Core Installation)
● Windows Server, version 1803 (Server Core Installation)
● Adobe Flash Player
● .NET Core 2.0
● C SDK for Azure IoT
● ChakraCore
● Java SDK for Azure IoT
● Windows Host Compute Service Shim
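Description: Microsoft has released its May security bulletin. Vulnerabilities exist in Microsoft software that a remote attacker can exploit to take control of affected systems.
Multiple software versions are currently known to be affected. HiNet SOC recommends that administrators and users update as soon as possible to reduce the risk of compromise.
For details, see the official Microsoft website.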