ProxyNotShell, OWASSRF, TabShell: Patch Your Microsoft Exchange Servers Now
Several flaws in Microsoft Exchange Server disclosed over the last two years continue to be valuable exploits for attackers as part of ransomware and targeted attacks against organizations that have yet to patch their systems. Patching the flaws outlined below is strongly recommended.
Sandworm's New Attack: A New Wiper Malware That Abuses Active Directory Group Policy
Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked a Ukrainian organization using a new wiper, SwiftSlicer.
Microsoft's January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)
Microsoft addresses 98 CVEs including a zero-day vulnerability that was exploited in the wild.
CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection Vulnerability
Zoho patches a newly disclosed high-severity SQL injection flaw in several ManageEngine products; attackers have historically targeted several ManageEngine products over the last three years.
CVE-2022-47939: Critical RCE Vulnerability in the Linux Kernel
A critical remote code execution vulnerability in the Linux kernel has been publicly disclosed by Trend Micro's Zero Day Initiative in its ZDI-22-1690 advisory. The vulnerability has been given a CVSSv3 score of 10.0. There are no reports of active exploitation.
CVE-2022-27518: Vulnerability in Citrix ADC and Gateway Allows Unauthenticated Remote Code Execution
Citrix has patched a critical remote code execution vulnerability in its Gateway and ADC products. This vulnerability has reportedly been exploited as a zero day; organizations should patch urgently.
CVE-2022-42475: Fortinet Patches Zero-Day Vulnerability in FortiOS SSL VPN
Fortinet has patched a zero-day buffer overflow in FortiOS that could lead to remote code execution. There has been a report of active exploitation and organizations should patch urgently.
CVE-2022-41040, CVE-2022-41082: Exploitation of ProxyShell Variant Confirmed
Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available.
CVE-2022-40139: Exploitation of Vulnerability in Trend Micro Apex One Confirmed
Trend Micro has patched six vulnerabilities in its Apex One on-prem and software-as-a-service products, one of which has been exploited in the wild.
Microsoft's July 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-22047)
Microsoft addresses 84 CVEs in its July 2022 Patch Tuesday release, including four critical flaws and one zero day that has been exploited in the wild.
CVE-2022-30190: Exploitation of Zero-Day, Zero-Click Vulnerability in Microsoft Support Diagnostic Tool (MSDT) Confirmed
Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that has been exploited in the wild since at least April.
Microsoft's May 2022 Patch Tuesday Addresses 55 CVEs (CVE-2022-26925)
Microsoft addresses 73 CVEs in its May 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild.