Information security notice (2017-04-24 to 2017-04-30)

上海鼎赛信息科技有限公司
Shanghai Mdt InfoTech Ltd
Chapter 1 Important Security Vulnerabilities
1.1 Operating Systems
1.1.1 Windows
Microsoft Windows Hyper-V information disclosure vulnerability (CNVD-2017-05358)
CNVD-ID
CNVD-2017-05358
Release time
2017-04-26
Severity level
Medium (AV:A/AC:M/Au:S/C:C/I:N/A:N)
Affected products
Microsoft Windows Server 2012, Microsoft Windows 8.1, Microsoft Windows Server 2012 R2
Vulnerability description
Microsoft Windows is a popular computer operating system. An information disclosure vulnerability exists in Microsoft Windows Hyper-V; an attacker can exploit it to access information on the host system.

Reference links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169
Vulnerability solution
Microsoft has released a security advisory (CVE-2017-0169) and the corresponding patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169
Vulnerability discoverer
Jordan Rabet, Microsoft Offensive Security Research Team.
Vendor patch
Patch for the Microsoft Windows Hyper-V information disclosure vulnerability (CNVD-2017-05358)
1.1.2 Linux
Linux kernel security bypass vulnerability (CNVD-2017-05575)
CNVD-ID
CNVD-2017-05575
Release time
2017-04-28
Severity level
Medium (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Affected products
Linux Kernel <=4.10.5
Vulnerability description
The Linux kernel is the kernel used by the Linux operating system, released by the US-based Linux Foundation. A security bypass vulnerability exists in the Linux kernel: the program fails to check for a zero value in the data. A local attacker can exploit the vulnerability with a crafted ioctl call to cause a denial of service (ZERO_SIZE_PTR dereference and unexpected program termination).
Reference links
https://nvd.nist.gov/vuln/detail/CVE-2017-7261
http://www.securityfocus.com/bid/97096
Vulnerability solution
Users can refer to the security patch provided by the following vendor to fix the vulnerability: https://www.kernel.org/
Vulnerability discoverer
Linux
Vendor patch
Patch for the Linux kernel security bypass vulnerability (CNVD-2017-05575)
1.1.3 Apple
Apple macOS Bluetooth privilege escalation vulnerability (CNVD-2017-05624)
CNVD-ID
CNVD-2017-05624
Release time
2017-04-29
Severity level
High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected products
Apple macOS <10.12.4
Vulnerability description
Apple macOS is a dedicated operating system developed by Apple Inc. (USA) for Mac computers. Bluetooth is its Bluetooth component. A privilege escalation vulnerability exists in the Bluetooth component of Apple macOS versions before 10.12.4. An attacker can exploit the vulnerability through a crafted application to execute arbitrary code or cause a denial of service (memory corruption).
