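[Information Office - Forwarded Notice] (ANA Incident Ticket Notification: TACERT-ANA-2021081003084040) ([Vulnerability Alert] Information and Remediation for the 29 Vulnerabilities Most Frequently Exploited by Attackers Over the Past Two Years)

Publication ID: TACERT-ANA-2021081003084040

Published: 2021-08-11 09:39:41

Incident type: ANA - Vulnerability Alert

Discovered: 2021-08-10 15:32:41

Impact level: Medium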

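[Subject:]

[Vulnerability Alert] Information and Remediation for the 29 Vulnerabilities Most Frequently Exploited by Attackers Over the Past Two Years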

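[Description:]

Forwarded from the National Information Sharing and Analysis Center, security advisory NISAC-ANA-202108-0595.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC) and the U.K. National Cyber Security Centre (NCSC) jointly issued a security advisory on July 28 that compiles information on, and remediation for, the 29 vulnerabilities most frequently exploited by attackers since 2020, and urges government agencies and enterprises to patch them as soon as possible. For technical details and protective recommendations, see the attachment.

Information sharing level: WHITE (the information may be disclosed publicly)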

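[Affected platforms:]

For the affected platforms, see the attachment at the bottom of this notice, "Security Advisory: Information and Remediation for the 29 Vulnerabilities Most Frequently Exploited by Attackers Over the Past Two Years".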

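[Recommended actions:]

1. For technical details and protective recommendations, see the attachment.

2. This alert is for notification only; no incident reporting is required.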

[References:]

[1] https://us-cert.cisa.gov/ncas/alerts/aa21-209a

[2] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11882

[3] https://support.microsoft.com/en-us/topic/how-to-disable-equation-editor-3-0-7e000f58-cbf4-e805-b4b1-fde0243c9a92

[4] https://www.drupal.org/sa-core-2018-002

[5] https://www.fortiguard.com/psirt/FG-IR-18-384

[6] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0604

[7] https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html

[8] https://www.fortiguard.com/psirt/FG-IR-19-037

[9] https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

[10] https://jira.atlassian.com/browse/CWD-5388

[11] https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization

[12] https://support.citrix.com/article/CTX267679

[13] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-0688

[14] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0787

[15] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472

[16] https://support.f5.com/csp/article/K52145254

[17] https://www.fortiguard.com/psirt/FG-IR-19-283

[18] https://www.ivanti.com/blog/mobileiron-security-updates-available?miredirect

[19] https://www.vmware.com/security/advisories/VMSA-2021-0010.html

[20] https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784

[21] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855

[22] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857

[23] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858

[24] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065

[25] https://www.accellion.com/company/press-releases/accellion-responds-to-recent-fta-security-incident/


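(This notice is for information only and does not constitute a security incident.) If you have questions about its content or suggestions regarding this matter, please contact us.

Taiwan Academic Network Computer Emergency Response Team (TACERT)

Website: https://info.cert.tanet.edu.tw/

Hotline: 07-5250211

VoIP: 98400000

E-Mail: service@cert.tanet.edu.tw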
