Microsoft Office cov khoom lag luam yog lub hom phiaj siab tshaj plaws rau hackers niaj hnub no, raws li cov ntaub ntawv sau los ntawm Kaspersky Lab. Hauv nws qhov kev nthuav qhia ntawm Security Analyst Summit, lub tuam txhab tau hais tias kwv yees li 70% ntawm kev tawm tsam nws cov khoom lag luam pom hauv Q4 2018 tau sim siv Microsoft Office qhov tsis zoo. Qhov no yog ntau tshaj plaub npaug ntawm feem pua Kaspersky tau pom ob xyoos dhau los hauv lub quarter thib plaub ntawm 2016, thaum Office vulnerabilities sawv ntawm qis qis 16%.
Nyob rau tib lub sijhawm, tus neeg sawv cev ntawm lub tuam txhab Kaspesky tau sau tseg qhov nthuav dav tias "tsis muaj qhov tsis zoo uas siv feem ntau nyob hauv MS Office nws tus kheej. Nws yuav yog qhov tseeb dua los hais tias qhov tsis muaj peev xwm muaj nyob hauv Chaw Ua Haujlwm cuam tshuam nrog. " Piv txwv li, ob qhov kev pheej hmoo txaus ntshai tshaj plaws yog CVE-2017-11882 и CVE-2018-0802, muaj nyob rau hauv keeb kwm ntawm Office Equation Editor, uas yav tas los siv los tsim thiab kho qhov sib npaug.
"Yog tias koj saib ntawm qhov tsis zoo ntawm xyoo 2018, koj tuaj yeem pom tias cov kws sau ntawv malware nyiam qhov yooj yim-rau-siv cov laj thawj tsis raug," lub tuam txhab tau sau tseg hauv qhov kev nthuav qhia. "Qhov no yog vim li cas tus qauv kho qhov tsis zoo CVE-2017-11882 и CVE-2018-0802 Tam sim no feem ntau siv hauv MS Office. Yooj yim hais, lawv ntseeg tau thiab ua haujlwm hauv txhua qhov version ntawm Lo Lus tso tawm hauv 17 xyoo dhau los. Thiab, qhov tseem ceeb tshaj plaws, tsim kev siv rau ib qho ntawm lawv tsis tas yuav muaj kev txawj ntse. "
Tsis tas li ntawd, txawm tias qhov tsis zoo tsis cuam tshuam ncaj qha rau Microsoft Office thiab nws cov khoom siv, lawv feem ntau siv cov ntaub ntawv khoom siv hauv chaw ua haujlwm ua qhov txuas nruab nrab. Piv txwv li, CVE-2018-8174 yog kab laum hauv Windows VBScript tus txhais lus uas MS Office launches thaum ua Visual Basic scripts. Qhov xwm txheej zoo sib xws nrog CVE-2016-0189 и CVE-2018-8373, ob qho tib si vulnerabilities yog nyob rau hauv Internet Explorer scripting engine, uas kuj yog siv nyob rau hauv Office cov ntaub ntawv los ua cov ntaub ntawv web.
Cov qhov tsis zoo uas tau hais tseg yog nyob rau hauv cov khoom siv uas tau siv hauv MS Office tau ntau xyoo, thiab tshem tawm cov cuab yeej no yuav ua rau rov qab sib raug zoo nrog cov qub qub ntawm Office.
Tsis tas li ntawd, hauv lwm daim ntawv tshaj tawm tau tshaj tawm lub hli dhau los los ntawm lub tuam txhab , kuj lees paub qhov kev tshawb pom tsis ntev los no los ntawm Kaspersky Lab. Hauv tsab ntawv tshaj tawm qhia txog qhov feem ntau siv qhov tsis zoo hauv xyoo 2018, Cov Ntaub Ntawv Yav Tom Ntej tau teev rau qhov chaw ua haujlwm tsis zoo nyob rau hauv kaum sab saum toj.
#1, #3, #5, #6, #7 thiab #8 yog MS Office kab mob lossis qhov tsis zoo uas tuaj yeem siv los ntawm cov ntaub ntawv hauv nws cov ntawv txhawb nqa.
- - Microsoft (exploitable ntawm Office files)
- CVE-2018-4878 - Adobe
- - Microsoft (Office flaw)
- CVE-2017-8750 - Microsoft
- - Microsoft (Office flaw)
- - Microsoft (exploitable ntawm Office files)
- - Microsoft (Office flaw)
- - Microsoft (yuav siv tau los ntawm Office cov ntaub ntawv)
- CVE-2012-0158 - Microsoft
- CVE-2015-1805 - Google Android
Kaspersky Lab piav qhia tias ib qho ntawm cov laj thawj vim li cas MS Office qhov tsis muaj peev xwm feem ntau raug tsom los ntawm malware yog vim tag nrho cov kev ua txhaum cai ecosystem uas muaj nyob ib ncig ntawm Microsoft office khoom. Thaum cov ntaub ntawv hais txog qhov tsis zoo ntawm Chaw Ua Haujlwm tau dhau los ua pej xeem, kev siv nws tshwm sim ntawm kev ua lag luam ntawm Dark Web hauv ib hnub.
"Cov kab no lawv tus kheej tau dhau los ua qhov nyuaj dua, thiab qee zaum cov lus piav qhia ntxaws yog txhua qhov kev ua txhaum cai cybercriminal xav tau los tsim kev ua haujlwm siv," said Kaspersky tus cev lus. Tib lub sijhawm, raws li tau sau tseg los ntawm Leigh-Ann Galloway, tus thawj coj ntawm cybersecurity ntawm : "Lub sij hawm thiab dua, tshaj tawm demo code rau xoom-hnub tsis muaj zog thiab tshiab patched kev ruaj ntseg kab feem ntau pab hackers ntau tshaj li nws tau tiv thaiv cov neeg siv kawg."
Tau qhov twg los: 3d xov.ru