绿盟科技互联网安全威胁周报 ——第 201824周

截止到2018年6月15日,绿盟科技漏洞库已收录总条目达到40102条。本周新增漏洞记录64条,其中高危漏 洞数量63条,中危漏洞数量1条,低危漏洞数量0条。本周焦点漏洞关注Adobe Flash Player远程代码执行漏洞。在Adobe Flash Player 29.0.0.171及更早版本上存在类型混淆漏洞,成功利用后可使攻击者执行任意代 码。

一. 互联网安全威胁态势

1.1 CVE统计

最近一周CVE公告总数与前期相比无明显起伏。

1.2 威胁信息回顾

  • 标题:Acfun用户数据泄露

时间:2018-06-14

简介:近日,弹幕视频网站AcFun(A站)发布官方声明称其网站被黑客攻击,千万条用户信息泄 露,包括用户名ID与密码等。这些泄露的用户信息在暗网上已被公开出售,同时出售的还包括其 他商家的用户信息。攻击者在论坛中表示自己也是A站的忠实用户,只是为了提醒A站能及时修 补漏洞,在达到目的以后,删除了已获取到的数据。

链接:http://toutiao.secjia.com/article/page?topid=110338

  • 标题:New ‘Lazy FP State Restore’ Vulnerability Found in All Modern Intel CPUs

时间:2018-06-13

简介:Hell Yeah! Another security vulnerability has been discovered in Intel chips that
affects the processor’s speculative execution technology—like Specter and
Meltdown—and could potentially be exploited to access sensitive information,
including encryption related data.

链接:https://thehackernews.com/2018/06/intel-processor-vulnerability.html? utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+- +Security+Blog%29

  • 标题:Dixons Carphone breach: Millions of card and user data compromised

时间:2018-06-13

简介:A prominent United Kingdom-based retailer has suffered a massive data breach in which personal and financial data of millions of customers have been compromised.

链接:https://www.hackread.com/dixons-carphone-breach-card-user-data- compromised/

  • 标题:Amazon Fire TV & Fire TV Stick hit by crypto mining Android malware

时间:2018-06-12

简介:A traditional malware aims at stealing user data or keep an eye on victim’s online activities whereas depending on its capabilities a crypto mining malware not only steals data but also uses computing power (CPU) of victim’s PC to mine cryptocurrency and slow down its performance.

链接:https://www.hackread.com/amazon-fire-tv-fire-tv-stick-crypto-mining-android- malware/

  • 标题:Signature Validation Bug Let Malware Bypass Several Mac Security Products

时间:2018-06-12

简介:A years-old vulnerability has been discovered in the way several security
products for Mac implement Apple’s code-signing API that could make it easier for
malicious programs to bypass the security check, potentially leaving millions of Apple
users vulnerable to hackers.

链接:https://thehackernews.com/2018/06/apple-mac-code-signing.html? utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+- +Security+Blog%29

  • 标题:US debuts world’s fastest supercomputer

时间:2018-06-11

简介:China’s Sunway TaihuLight supercomputer, until now the world’s most powerful machine, has a processing power of 93 petaflops. 链接:https://www.bbc.com/news/technology-44439515

(数据来源:绿盟科技 威胁情报与网络安全实验室 收集整理)

二. 漏洞研究

2.1 漏洞库统计

截止到2018年6月15日,绿盟科技漏洞库已收录总条目达到40102条。本周新增漏洞记录64条,其中高危漏 洞数量63条,中危漏洞数量1条,低危漏洞数量0条。

  • Adobe Flash Player越界读漏洞(CVE-2018-5001)

危险等级:高

BID:104413

cve编号:CVE-2018-5001

  • Adobe Flash Player整数溢出漏洞(CVE-2018-5000)

危险等级:高

BID:104413

cve编号:CVE-2018-5000

  • Adobe Flash Player类型混淆漏洞(CVE-2018-4945)

危险等级:高

BID:104413

cve编号:CVE-2018-4945

  • Adobe Flash Player栈缓冲区溢出漏洞(CVE-2018-5002)

危险等级:高

BID:104412

cve编号:CVE-2018-5002

  • Cisco Meeting Server信息泄露漏洞(CVE-2018-0263)

危险等级:高

BID:104419

cve编号:CVE-2018-0263

  • 思科多个产品拒绝服务漏洞(CVE-2017-6779)

危险等级:高

cve编号:CVE-2017-6779

  • Cisco AppDynamics App iQ Platform SQL注入漏洞(CVE-2018-0225)

危险等级:中

cve编号:CVE-2018-0225

  • Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware拒绝服务漏洞(CVE-2018- 0316)

危险等级:高

cve编号:CVE-2018-0316

  • Cisco IOS XE Software 远程代码执行漏洞(CVE-2018-0315)

危险等级:高

BID:104410 cve编号:CVE-2018-0315

  • Cisco Adaptive Security Appliance拒绝服务漏洞(CVE-2018-0296)

危险等级:高

cve编号:CVE-2018-0296

  • Cisco Network Services Orchestrator任意命令执行漏洞(CVE-2018-0274)

危险等级:高

cve编号:CVE-2018-0274

  • Cisco Prime Collaboration Provisioning访问限制绕过漏洞(CVE-2018-0317)

危险等级:高

BID:104432

cve编号:CVE-2018-0317

  • Cisco Prime Collaboration Provisioning安全限制绕过漏洞(CVE-2018-0318)

危险等级:高

BID:104434

cve编号:CVE-2018-0318

  • Microsoft Edge远程内存破坏漏洞(CVE-2018-8110)

危险等级:高

BID:104330

cve编号:CVE-2018-8110

  • Cisco Prime Collaboration Provisioning安全限制绕过漏洞(CVE-2018-0319)

危险等级:高

BID:104431

cve编号:CVE-2018-0319

  • Microsoft Edge远程内存破坏漏洞(CVE-2018-8111)

危险等级:高

BID:104335

cve编号:CVE-2018-8111

  • Microsoft Edge远程信息泄露漏洞(CVE-2018-0871)

危险等级:高

BID:104339

cve编号:CVE-2018-0871

  • Microsoft Edge远程内存破坏漏洞(CVE-2018-8236)

危险等级:高

BID:104336

cve编号:CVE-2018-8236

  • Microsoft Edge远程信息泄露漏洞(CVE-2018-8234)

危险等级:高

BID:104340

cve编号:CVE-2018-8234

  • Microsoft Edge安全限制绕过漏洞(CVE-2018-8235)

危险等级:高

BID:104343

cve编号:CVE-2018-8235

  • Microsoft Internet Explorer脚本引擎远程内存破坏漏洞(CVE-2018-8267)

危险等级:高

BID:104404 cve编号:CVE-2018-8267

  • Microsoft Windows DNSAPI远程代码执行漏洞(CVE-2018-8225) 危险等级:高

BID:104395

cve编号:CVE-2018-8225

  • Microsoft Windows任意代码执行漏洞(CVE-2018-8213)

危险等级:高

BID:104406 cve编号:CVE-2018-8213

  • Microsoft Internet Explorer远程内存破坏漏洞(CVE-2018-8249)

危险等级:高

BID:104363

cve编号:CVE-2018-8249

  • Microsoft Chakra脚本引擎远程内存破坏漏洞(CVE-2018-8243)

危险等级:高

BID:104403

cve编号:CVE-2018-8243

  • Microsoft Windows ‘HTTP.sys’远程代码执行漏洞(CVE-2018-8231)

危险等级:高

BID:104373

cve编号:CVE-2018-8231

  • Microsoft Chakra脚本引擎远程内存破坏漏洞(CVE-2018-8229)

危险等级:高 BID:104369

cve编号:CVE-2018-8229

  • Microsoft Windows Media Foundation内存破坏漏洞(CVE-2018-8251)

危险等级:高

BID:104398 cve编号:CVE-2018-8251

  • Microsoft Windows Kernel本地权限提升漏洞(CVE-2018-0982)

危险等级:高

BID:104382

cve编号:CVE-2018-0982

  • Microsoft Windows WebDAV拒绝服务漏洞(CVE-2018-8175)

危险等级:高

BID:104359

cve编号:CVE-2018-8175

  • Microsoft Windows HIDParser本地权限提升漏洞(CVE-2018-8169)

危险等级:高

BID:104356

cve编号:CVE-2018-8169

  • Microsoft Windows Cortana本地权限提升漏洞(CVE-2018-8140)

危险等级:高

BID:104354

cve编号:CVE-2018-8140

  • Microsoft Windows Kernel本地信息泄露漏洞(CVE-2018-8121)

危险等级:高

BID:104380

cve编号:CVE-2018-8121

  • Microsoft Internet Explorer安全限制绕过漏洞(CVE-2018-8113)

危险等级:高

BID:104365

cve编号:CVE-2018-8113

  • Microsoft Windows Code Integrity Module拒绝服务漏洞(CVE-2018-1040)

危险等级:高

BID:104389

cve编号:CVE-2018-1040

  • Microsoft Windows NTFS本地权限提升漏洞(CVE-2018-1036)

危险等级:高

BID:104360 cve编号:CVE-2018-1036

  • Microsoft Windows Desktop Bridge本地权限提升漏洞(CVE-2018-8208)

危险等级:高

BID:104392

cve编号:CVE-2018-8208

  • Microsoft Windows Device Guard本地安全限制绕过漏洞(CVE-2018-8201)

危险等级:高

BID:104331

cve编号:CVE-2018-8201

  • Microsoft Windows Kernel本地信息泄露漏洞(CVE-2018-8207)

危险等级:高

BID:104379

cve编号:CVE-2018-8207

  • Microsoft Windows本地拒绝服务漏洞(CVE-2018-8205)

危险等级:高

BID:104391

cve编号:CVE-2018-8205

  • Microsoft Windows Wireless Network Profile本地信息泄露漏洞(CVE-2018-8209)

危险等级:高

BID:104393

cve编号:CVE-2018-8209

  • Microsoft Windows Device Guard本地安全限制绕过漏洞(CVE-2018-8221)

危险等级:高

BID:104338

cve编号:CVE-2018-8221

  • Microsoft Windows Device Guard本地安全限制绕过漏洞(CVE-2018-8217)

危险等级:高

BID:104337

cve编号:CVE-2018-8217

  • Microsoft Windows Device Guard本地安全限制绕过漏洞(CVE-2018-8216)

危险等级:高

BID:104334

cve编号:CVE-2018-8216

  • Microsoft Windows Device Guard本地安全限制绕过漏洞(CVE-2018-8215)

危险等级:高

BID:104333

cve编号:CVE-2018-8215

  • Microsoft Windows Device Guard本地安全限制绕过漏洞(CVE-2018-8212)

危险等级:高

BID:104328

cve编号:CVE-2018-8212

  • Microsoft Windows Device Guard本地安全限制绕过漏洞(CVE-2018-8211)

危险等级:高

BID:104326

cve编号:CVE-2018-8211

  • Microsoft Windows 远程代码执行漏洞(CVE-2018-8210)

危险等级:高

BID:104407

cve编号:CVE-2018-8210

  • Microsoft Windows GDI组件信息泄露漏洞(CVE-2018-8239)

危险等级:高

BID:104401

cve编号:CVE-2018-8239

  • Microsoft Office 远程权限提升漏洞(CVE-2018-8245)

危险等级:高

BID:104405

cve编号:CVE-2018-8245

  • Microsoft Outlook远程权限提升漏洞(CVE-2018-8244) 危险等级:高

BID:104323

cve编号:CVE-2018-8244

  • Microsoft Office 远程权限提升漏洞(CVE-2018-8247)

危险等级:高

BID:104319

cve编号:CVE-2018-8247

  • Windows Desktop Bridge本地权限提升漏洞(CVE-2018-8214) 危险等级:高

BID:104394

cve编号:CVE-2018-8214

  • Microsoft Excel 信息泄露漏洞(CVE-2018-8246)

危险等级:高

BID:104322

cve编号:CVE-2018-8246

  • Microsoft Excel 远程代码执行漏洞(CVE-2018-8248)

危险等级:高

BID:104318

cve编号:CVE-2018-8248

  • Microsoft SharePoint Server 远程权限提升漏洞(CVE-2018-8252)

危险等级:高

BID:104317

cve编号:CVE-2018-8252

  • Microsoft SharePoint Server 远程权限提升漏洞(CVE-2018-8254)

危险等级:高

BID:104325

cve编号:CVE-2018-8254

  • Microsoft Windows Hyper-V Code Integrity权限提升漏洞(CVE-2018-8219)

危险等级:高

BID:104353

cve编号:CVE-2018-8219

  • Microsoft Chakra脚本引擎远程内存破坏漏洞(CVE-2018-8227)

危险等级:高

BID:104368

cve编号:CVE-2018-8227

  • Microsoft Internet Explorer远程内存破坏漏洞(CVE-2018-0978)

危险等级:高

BID:104364

cve编号:CVE-2018-0978

  • Microsoft Windows Hyper-V远程拒绝服务漏洞(CVE-2018-8218)

危险等级:高

BID:104402

cve编号:CVE-2018-8218

  • Microsoft Windows Kernel本地权限提升漏洞(CVE-2018-8224)

危险等级:高

BID:104381

cve编号:CVE-2018-8224

  • Microsoft Windows ‘HTTP.sys’远程拒绝服务漏洞(CVE-2018-8226)

危险等级:高

BID:104361

cve编号:CVE-2018-8226

  • Microsoft Windows Kernel ‘Win32k.sys’本地权限提升漏洞(CVE-2018-8233) 危险等级:高

BID:104383

cve编号:CVE-2018-8233

(数据来源:绿盟科技安全研究部&产品规则组)

2.2 焦点漏洞

  • Adobe Flash Player远程代码执行漏洞

NSFOCUS ID 40042

CVE ID

CVE-2018-5002

  • 受影响版本

Adobe Flash Player <= 29.0.0.171

  • 漏洞点评

Flash Player是Adobe公司推出的多媒体程序播放器。在Adobe Flash Player 29.0.0.171及更早版本上存在类型混淆漏洞,成功利用后可使攻击者执行任意代 码。目前,已经出现针对这个漏洞的攻击。Adobe为此发布了一个安全公告 (APSB18-19)以及相应补丁,请用户及时下载更新。

(数据来源:绿盟科技安全研究部& 产品规则组)

发表评论