Microsoft OneDrive存在的这些漏洞你知道吗？

Microsoft OneDrive存在的这些漏洞你知道吗？

焦点漏洞

◆ 焦点漏洞

Microsoft OneDrive 任意代码执行漏洞

◆ NSFOCUS ID

40215

◆ CVE ID

CVE-2018-0592

◆ 受影响版本

Microsoft OneDrive

◆ 漏洞点评

Microsoft OneDrive是微软公司的一款云备份应用程序。该程序具有自动备份相册、在线办公和文件分享等功能。Microsoft OneDrive在实现中存在不可信的搜索路径漏洞。攻击者可借助目录下恶意的DLL，利用该漏洞获取提升的权限，执行任意代码。目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本。

互联网安全威胁态势

1

CVE统计

最近一周CVE公告总数与前期相比数量减少。

2

每日简报回顾

标题：WPA3 Standard Officially Launches With New Wi-Fi Security Features

时间：2018-06-25

简介：The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks

链接：

https://thehackernews.com/2018/06/wpa3-wifi-security-standard.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

标题：Gentoo Linux on Github hacked; repositories modified

时间：2018-06-29

简介：Another day, another data breach – This time, it is Linux distribution Gentoo whose GitHub mirror was compromised and content of repositories was modified by unknown hackers.

链接：

https://www.hackread.com/gentoo-linux-on-github-hacked-repositories-modified/

标题：House Passes Bill to Enhance Industrial Cybersecurity

时间：2018-06-27

简介：The U.S. House of Representatives on Monday passed a bill aimed at protecting industrial control systems (ICS), particularly ones used in critical infrastructure, against cyberattacks.

链接：

https://www.securityweek.com/house-passes-bill-enhance-industrial-cybersecurity?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

标题：Ticketmaster Suffers Security Breach – Personal and Payment Data Stolen

时间：2018-06-28

简介：Global entertainment ticketing service Ticketmaster has admitted that the company has suffered a security breach, warning customers that their personal and payment information may have been accessed by an unknown third-party

链接：

https://thehackernews.com/2018/06/ticketmaster-data-breach.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

……

（数据来源：绿盟科技 威胁情报与网络安全实验室 收集整理）

漏洞研究

1

漏洞库统计

截止到2018年6月29日，绿盟科技漏洞库已收录总条目达到40222条。本周新增漏洞记录68条，其中高危漏洞数量12条，中危漏洞数量25条，低危漏洞数量31条。

Cisco FXOS/NX-OS Software远程代码执行漏洞(CVE-2018-0312)

危险等级:高

BID:104515

cve编号:CVE-2018-0312

Cisco FXOS/NX-OS Software远程代码执行漏洞(CVE-2018-0314)

危险等级:高

BID:104516

cve编号:CVE-2018-0314

Cisco FXOS/NX-OS Software远程代码执行漏洞(CVE-2018-0304)

危险等级:高

BID:104513

cve编号:CVE-2018-0304

Cisco FXOS/NX-OS Software Fabric Services远程拒绝服务漏洞(CVE-2018-0305)

危险等级:高

cve编号:CVE-2018-0305

Cisco Firepower 4100 Series Next-Generation Firewall/Firepower 9300 Security Appliance 路径遍历漏洞(CVE-2018-0300)

危险等级:高

cve编号:CVE-2018-0300

Cisco Nexus 4000 Series Switch NX-OS 输入验证漏洞(CVE-2018-0299)

危险等级:高

cve编号:CVE-2018-0299

多款Cisco产品NX-OS Software Discovery Protocol子系统资源管理错误漏洞(CVE-2018-0331)

危险等级:高

cve编号:CVE-2018-0331

……