{"id":3385,"date":"2015-08-24T03:01:16","date_gmt":"2015-08-24T03:01:16","guid":{"rendered":"http:\/\/www.kaspersky.com.cn\/blog\/?p=3385"},"modified":"2020-02-27T00:17:44","modified_gmt":"2020-02-26T16:17:44","slug":"security-week-34-one-cannot-simply-patch","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.cn\/blog\/security-week-34-one-cannot-simply-patch\/3385\/","title":{"rendered":"\u300a\u5b89\u5168\u5468\u62a5\u300b34\u671f\uff1a\u4fee\u590d\u8865\u4e01\uff0c\u8865\u4e4b\u4e0d\u6613"},"content":{"rendered":"

\u6211\u7684\u670b\u53cb\u4eec\uff0c\u6211\u60f3\u8bf4\u7684\u8fc7\u53bb\u4e00\u5468\u5bf9\u4e8e\u5b89\u5168\u4fe1\u606f\u884c\u4e1a\u7b80\u76f4\u662f\u5669\u68a6\u4e00\u822c\u3002\u5982\u679c\u8bf4\u4e0a\u4e00\u5468\u6211\u4eec\u53ea\u662f\u53d1\u73b0\u4e86\u4e9b\u6709\u8da3\u7684bug<\/a>\u3001\u96f6\u65e5\u6f0f\u6d1e\u4ee5\u53ca\u5b89\u5168\u7814\u7a76\u4e13\u5bb6\u5bfb\u627e\u5df2\u4e45\u7684\u6f0f\u6d1e\u7684\u8bdd<\/a>\uff0c\u90a3\u672c\u5468\u771f\u6b63\u7684\u707e\u96be\u624d\u521a\u521a\u964d\u4e34\uff1a\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u5df2\u5229\u7528\u6240\u6709\u8fd9\u4e9b\u7f3a\u9677\u6e17\u900f\u8fdb\u4e86\u5b58\u5728\u6f0f\u6d1e\u7684\u8f6f\u4ef6\u3002\u5c3d\u7ba1\u8fd9\u4e9b\u5185\u5bb9\u76f8\u5f53\u91cd\u8981\uff0c\u4f46\u4eba\u4eec\u5bf9\u8fd9\u6837\u7684\u65b0\u95fb\u6216\u591a\u6216\u5c11\u5df2\u6709\u4e9b\u538c\u5026\u3002\u6bcf\u4e00\u6b21\uff0c\u6211\u4eec\u7684\u65b0\u95fb\u535a\u5ba2-Threatpost<\/a>\u90fd\u4f1a\u5e26\u6765\u5b89\u5168\u4fe1\u606f\u9886\u57df\u65b0\u9c9c\u70ed\u8fa3\u7684\u65b0\u95fb\uff0c\u540c\u65f6\u8fd8\u4f1a\u5728\u5176\u4e2d\u7cbe\u9009\u4e09\u7bc7\u6709\u5173\u5b89\u5168\u8865\u4e01\u4fee\u590d\u7684\u6587\u7ae0\uff0c\u800c\u6587\u7ae0\u6458\u9009\u5de5\u4f5c\u8fdc\u6bd4\u4f60\u4eec\u60f3\u8c61\u7684\u8981\u96be\u5f97\u591a\u3002<\/p>\n

\"\"<\/p>\n

\u4e0d\u7ba1\u600e\u4e48\u6837\uff0c\u8fd9\u4e9b\u5185\u5bb9\u90fd\u76f8\u5f53\u91cd\u8981\uff01\u627e\u5230\u4e00\u4e2a\u6f0f\u6d1e\u9700\u8981\u82b1\u8d39\u4e0d\u5c11\u7684\u65f6\u95f4\u548c\u7cbe\u529b\uff0c\u4f46\u66f4\u96be\u7684\u662f\u5728\u6ca1\u6709\u906d\u53d7\u9ed1\u5ba2\u653b\u51fb\u4e4b\u524d\u5c31\u5c06\u5176\u4fee\u590d\u3002\u8f6f\u4ef6\u5f00\u53d1\u8005\u53ef\u4ee5\u627e\u51fa\u5343\u4e07\u79cd\u4e0d\u7acb\u5373\uff08\u6216\u5f53\u5b63\u5ea6\u6216\u65e0\u9650\u671f\uff09\u5bf9\u7279\u5b9abug\u4fee\u590d\u7684\u7406\u7531\u3002\u4f46\u95ee\u9898\u6700\u7ec8\u603b\u662f\u8981\u89e3\u51b3\u7684\u3002<\/p>\n

\u5728\u672c\u5468\u6700\u70ed\u95e8\u7684\u4e09\u4e2a\u65b0\u95fb\u6545\u4e8b\u4e2d\uff0c\u65e0\u4e00\u4f8b\u5916\u5176\u4e2d\u6240\u542b\u7684bug\u5747\u8fd8\u672a\u80fd\u4fee\u590d\u3002\u8fd9\u91cc\u6211\u518d\u6b21\u91cd\u7533\u300a\u5b89\u5168\u5468\u62a5\u300b\u7684\u7f16\u8f91\u539f\u5219\uff1a\u6bcf\u5468Threatpost\u7684\u56e2\u961f\u90fd\u4f1a\u7cbe\u5fc3\u6458\u9009\u4e09\u6761\u5f53\u5468\u8981\u95fb\uff0c\u5e76\u52a0\u4e0a\u6211\u81ea\u5df1\u72ec\u5230\u7684\u89c1\u89e3\u3002\u5f80\u671f\u7684\u5185\u5bb9\u53ef\u4ee5\u5728\u8fd9\u91cc<\/a>\u627e\u5230\u3002<\/p>\n

\u53e6\u4e00\u4e2a\u5b58\u5728\u4e8e<\/strong>Google Admin<\/strong>\u5185\u7684\u5b89\u5353\u7cfb\u7edf<\/strong>bug<\/strong><\/p>\n

Threatpost\u65b0\u95fb\u6545\u4e8b<\/a>\u3002MWR<\/a>\u5b9e\u9a8c\u5ba4\u7814\u7a76\u3002<\/p>\n

\u6211\u4eec\u53d1\u73b0\u4e86\u54ea\u4e9b\u6f0f\u6d1e\uff1f<\/em><\/p>\n

\u4f60\u662f\u5426\u6ce8\u610f\u5230\u6700\u8fd1\u6709\u5173bug\u7684\u65b0\u95fb\u7eb7\u6d8c\u800c\u81f3\uff1f\u54ce\uff0c\u96be\u9053\u53ea\u662f\u4e00\u8f86\u8f66\u906d\u5230\u9ed1\u5ba2\u5165\u4fb5<\/a>\uff1f\u6211\u4eec\u5728\u8bb8\u591a\u8f66\u5185\u90fd\u53d1\u73b0\u4e86\u6570\u5341\u79cd\u5b89\u5168\u6f0f\u6d1e<\/a>\uff01\u540c\u65f6\uff0c\u5728\u6709\u5173\u5b89\u5353\u7684\u6700\u65b0\u65b0\u95fb\u4e2d\uff0c\u6211\u4eec\u4e5f\u5f88\u5bb9\u6613\u6ce8\u610f\u5230\u540c\u6837\u7684\u60c5\u51b5\u3002\u9996\u5148\u662fStagefright\u6f0f\u6d1e\uff0c\u7136\u540e\u662f\u4e00\u4e9b\u7a0d\u5c0f\u7684bug\uff0c\u73b0\u5728\u5219\u8f6e\u5230\u4e86Google Admin\uff0c\u5373\u901a\u8fc7\u8be5\u5de5\u5177\u7ed5\u8fc7\u6c99\u76d2\u3002<\/p>\n

\"\"<\/a><\/p>\n

\u4f5c\u4e3a\u5b89\u5353\u7cfb\u7edf\u7ea7\u7684\u5e94\u7528\u7a0b\u5e8f\u4e4b\u4e00\uff0cGoogle Admin\u53ef\u4ee5\u63a5\u53d7\u6765\u81ea\u5176\u4ed6\u5e94\u7528\u7684URL\u5730\u5740\uff0c\u800c\u4e14\u4e8b\u5b9e\u8bc1\u660e\uff0c\u8be5\u5de5\u5177\u53ef\u4ee5\u63a5\u53d7\u6240\u6709URL\u5730\u5740\uff0c\u751a\u81f3\u662f\u4ee5\u2019file:\/\/\u2019\u5f00\u5934\u7684\u8def\u5f84\u3002\u7ed3\u679c\u662f\uff0c\u5177\u6709\u7f51\u9875\u4e0b\u8f7d\u529f\u80fd\u7684\u7b80\u5355\u8054\u7f51\u5de5\u5177\u5f00\u59cb\u5411\u7c7b\u4f3c\u6574\u4f53\u6587\u4ef6\u7ba1\u7406\u5668\u6f14\u53d8\u3002\u662f\u5426\u56e0\u6b64\u6240\u6709\u5b89\u5353\u5e94\u7528\u5c31\u53ef\u4ee5\u76f8\u4e92\u9694\u79bb\u5462\uff1f\u5f53\u7136\u4e0d\u662f\uff0cGoogle Admin\u53ea\u662f\u62e5\u6709\u66f4\u9ad8\u7684\u6743\u9650\uff0c\u4e00\u65e6\u4e0d\u5e78\u8bfb\u53d6\u67d0\u4e9b\u6d41\u6c13URL\u5730\u5740\uff0c\u4efb\u4f55\u5e94\u7528\u90fd\u80fd\u7ed5\u8fc7\u6c99\u76d2\u8bbf\u95ee\u79c1\u4eba\u6570\u636e\u3002<\/p>\n

\u6f0f\u6d1e\u662f\u5982\u4f55\u4fee\u590d\u7684\uff1f<\/em><\/p>\n

\u9996\u5148\uff0c\u8bf7\u5bb9\u8bb8\u6211\u7b80\u8981\u4ecb\u7ecd\u8be5\u72ec\u7acb\u7814\u7a76\u548c\u6f0f\u6d1e\u62ab\u9732\u7684\u6574\u4e2a\u8fc7\u7a0b\u3002\u8fd9\u4e00\u6f0f\u6d1e\u662f\u5728\u4e09\u6708\u4efd\u88ab\u53d1\u73b0\uff0c\u968f\u540e\u76f8\u5e94\u7684\u62a5\u544a\u5373\u63d0\u4ea4\u7ed9\u4e86Google\u3002\u5927\u7ea65\u4e2a\u6708\u540e\uff0c\u5f53\u7814\u7a76\u4e13\u5bb6\u518d\u5ea6\u68c0\u67e5Google Admin\u7684\u5b89\u5168\u72b6\u51b5\u65f6\uff0c\u53d1\u73b0\u8fd9\u4e2abug\u4f9d\u7136\u8fd8\u672a\u4fee\u590d\u30028\u670813\u65e5\uff0c\u6709\u5173\u8fd9\u4e00bug\u7684\u4fe1\u606f\u88ab\u516c\u5f00\u62ab\u9732\uff0c\u76ee\u7684\u662f\u6566\u4fc3Google\u5c3d\u5feb\u53d1\u5e03\u76f8\u5173\u8865\u4e01\u3002<\/p>\n

\u987a\u4fbf\u63d0\u4e00\u4e0b\uff0cGoogle\u62e5\u6709\u4e00\u652f\u5185\u90e8\u7814\u7a76\u56e2\u961f\uff0c\u4efb\u52a1\u662f\u82b1\u8d39\u5927\u91cf\u65f6\u95f4\u548c\u7cbe\u529b\u5230\u5904\u5bfb\u627ebug\uff0c\u4e14\u4e0d\u4ec5\u9650\u4e8eGoogle\u81ea\u884c\u7814\u53d1\u7684\u8f6f\u4ef6\u3002Google\u7684Project Zero\u9879\u76ee\u5c0f\u7ec4<\/a>\u901a\u5e38\u5728\u5c06\u627e\u5230\u7684bug\u516c\u8bf8\u4e8e\u4f17\u524d\uff0c\u7ed9\u4e88\u8f6f\u4ef6\u5f00\u53d1\u800590\u5929\u7684\u65f6\u95f4\u4fee\u590d\u6f0f\u6d1e\uff0c\u4f46\u6211\u4eec\u4f9d\u7136\u5bf9Google\u80fd\u5426\u572890\u5929\u5185\u6210\u529f\u4fee\u590d\u6f0f\u6d1e\u6301\u6000\u7591\u6001\u5ea6\u3002<\/p>\n

Google Admin\u5de5\u5177\u5728\u6709\u4e9b\u65b9\u9762\u7684\u786e\u5f88\u7cdf\u7cd5\uff1a\u9996\u5148\uff0c\u6709\u4e9b\u65b9\u9762\u786e\u5b9e\u7cdf\u7cd5\uff1b\u5176\u6b21\uff0c\u6211\u4eec\u90fd\u77e5\u9053\u672a\u5fc5\u6240\u6709\u5b58\u5728\u6f0f\u6d1e\u7684\u5b89\u5353\u8bbe\u5907\u4e0a\u90fd\u80fd\u4fee\u590d\u6f0f\u6d1e\u3002\u4f60\u662f\u5728\u8bf4\u6708\u5ea6\u5b89\u5168\u66f4\u65b0<\/a>\uff1f\u90a3\u5982\u679c\u662f\u957f\u8fbe\u534a\u5e74\u7684\u6f0f\u6d1e\u4fee\u590d\u8fc7\u7a0b\u53c8\u5982\u4f55\u5462\uff1f\u770b\uff01\u770b\uff01<\/p>\n

\"\"<\/p>\n

\u65bd\u8010\u5fb7\u7535\u6c14<\/strong>SCADA<\/strong>\u7cfb\u7edf\u5185\u53d1\u73b0\u5f00\u653e\u5f0f\u6f0f\u6d1e<\/strong><\/p>\n

Threatpost\u65b0\u95fb\u6545\u4e8b<\/a>\u3002ICS-CERT<\/a>\u62a5\u544a\u3002<\/p>\n

\u6b22\u8fce\u6765\u5230\u91cd\u8981\u57fa\u7840\u8bbe\u65bd\u7684\u5947\u5999\u4e16\u754c\uff01\u8bf7\u5750\u597d\uff0c\u4e0d\u5fc5\u62d8\u675f\uff0c\u4f46\u5343\u4e07\u4e0d\u8981\u78b0\u53ef\u6015\u7684\u7ea2\u8272\u5f00\u5173\uff0c\u4e5f\u4e0d\u8981\u6478\u90a3\u4e9b\u83ab\u540d\u7a81\u51fa\u5728\u5916\u7684\u7535\u7ebf\u3002\u6ca1\u9519\uff0c\u5b83\u4eec\u672c\u6765\u5c31\u7a81\u5728\u5916\u9762\u3002\u8fd9\u6ca1\u4ec0\u4e48\u95ee\u9898\u3002\u591a\u5e74\u4ee5\u6765\u4e00\u76f4\u5c31\u8fd9\u6837\u3002\u4f60\u4e00\u78b0\u7684\u8bdd\uff0c\u6211\u4eec\u5c31\u5168\u5b8c\u86cb\u4e86\u3002<\/p>\n

SCADA\uff08\u76d1\u63a7\u4e0e\u6570\u636e\u91c7\u96c6\uff09\u7cfb\u7edf\u4f5c\u4e3a\u91cd\u8981\u57fa\u7840\u8bbe\u65bd\u7684\u4e00\u90e8\u5206\uff0c\u8d1f\u8d23\u50cf\u9505\u7089\uff08\u4e3b\u8981\u4f4d\u4e8e\u516c\u5bd3\u5927\u697c\u751a\u81f3\u6838\u7535\u7ad9\u5185\uff09\u8fd9\u6837\u91cd\u8981\u8bbe\u5907\u7684\u64cd\u4f5c\u548c\u8fd0\u884c\u3002\u6b64\u7c7b\u7cfb\u7edf\u65e0\u6cd5\u8fdb\u884c\u7be1\u6539\u3001\u5173\u95ed\u6216\u91cd\u542f\u3002\u5343\u4e07\u4e0d\u8981\u5728\u8fd9\u4e00\u7cfb\u7edf\u4e0a\u4fee\u6539\u4efb\u4f55\u53c2\u6570\uff0c\u8bf4\u5f97\u7b80\u5355\u70b9\uff0c\u4e0d\u8981\u78b0\u4efb\u4f55\u4e1c\u897f\uff01<\/p>\n

#Security Week 34: new unpatched #vulnerabilities in #Android, Mac #OSX, Schneider Electric #SCADA and more<\/p>Tweet<\/a><\/blockquote>\n

\u5982\u679c\u4f60\u6709\u4efb\u4f55\u95ee\u9898\u7684\u8bdd\uff0c\u5343\u4e07\u4e0d\u8981\u81ea\u5df1\u53bb\u5192\u9669\u5c1d\u8bd5\uff0c\u6700\u597d\u8bfb\u4e00\u8bfb\u6211\u4eec\u8fd9\u4e00\u4e3b\u9898\u7684\u6587\u7ae0<\/a>\u3002\u540c\u65f6\uff0c\u6211\u4eec\u8fd8\u5fc5\u987b\u627f\u8ba4\uff0c\u5c3d\u7ba1\u8fd9\u4e9b\u7cfb\u7edf\u7684\u91cd\u8981\u6027\u4e0d\u8a00\u800c\u55bb\uff0c\u4f46\u5374\u5e38\u5e38\u90e8\u7f72\u5728\u8fd0\u884c\u8001\u7248\u672cWindows\u7cfb\u7edf\u7684PC\u7535\u8111\u4e0a\u3002\u4e0e\u4e00\u822c\u4f01\u4e1a\u4e0d\u540c\u7684\u662f\uff0c\u91cd\u8981\u57fa\u7840\u8bbe\u65bd\u901a\u5e38\u81f3\u5c11\u8fc75\u5e74\u540e\u624d\u4f1a\u5347\u7ea7\u6216\u66f4\u6362\u6240\u7528\u7684\u786c\u4ef6\u548c\u8f6f\u4ef6\uff0c\u6709\u4e9b\u5de5\u4e1a\u8bbe\u65bd\u673a\u5668\u4eba\u6216\u79bb\u5fc3\u673a\u4e3a\u4e86\u5c06\u4e00\u4e9b\u81f4\u547d\u5316\u5b66\u54c1\u5206\u79bb\uff0c\u53ef\u80fd\u4f1a\u6570\u5341\u5e74\u4e0d\u505c\u6b47\u5730\u4f7f\u7528\u540c\u4e00\u4e2a\u786c\u4ef6\u8fd0\u884c\u3002<\/p>\n

\u6211\u4eec\u53d1\u73b0\u4e86\u54ea\u4e9b\u6f0f\u6d1e\uff1f<\/em><\/p>\n

\u5b89\u5168\u7814\u7a76\u4e13\u5bb6\u4eec\u5728\u5176\u4e2d\u4e00\u4e2a\u7cfb\u7edf\u5185\u2014\u65bd\u8010\u5fb7\u7535\u6c14Modicon M340<\/a>\uff08\u591a\u4e48\u6d6a\u6f2b\u7684\u540d\u5b57\uff01\uff09\u7684PLC\u7ad9\u5185\u53d1\u73b0\u4e86\u5927\u91cfbug\u3002\u7b80\u800c\u8a00\u4e4b\uff0c\u8fd9\u4e00\u8fde\u4e32\u6f0f\u6d1e\u5c06\u80fd\u8ba9\u975e\u5de5\u4f5c\u4eba\u5458\u5b8c\u5168\u638c\u63a7\u7cfb\u7edf\u2026\u57fa\u672c\u4e0a\u6765\u8bf4\uff0c\u53ef\u901a\u8fc7\u7cfb\u7edf\u8c03\u8282\u6240\u6709\u53c2\u6570\u3002\u5176\u4e2d\u8fd8\u627e\u5230\u4e00\u4e2a\u76f8\u5f53\u666e\u904d\u7684\u6f0f\u6d1e\uff08\u987a\u4fbf\u8bf4\u4e0b\uff0c\u8be5\u6f0f\u6d1e\u5e38\u5e38\u51fa\u73b0\u5728\u8bb8\u591a\u8def\u7531\u5668\u548c\u7269\u8054\u7f51\u8bbe\u5907\u5185\uff09\uff0c\u6211\u4eec\u79f0\u4e4b\u4e3a\u786c\u7f16\u7801\u5668\u51ed\u8bc1\u3002<\/p>\n

\n

Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched https:\/\/t.co\/2oGDTbr7qE<\/a> via @threatpost<\/a> pic.twitter.com\/eyPAY6Aikn<\/a><\/p>\n

\u2014 Kaspersky (@kaspersky) August 17, 2015<\/a><\/p><\/blockquote>\n