{"id":4036,"date":"2024-06-01T17:21:48","date_gmt":"2024-06-01T17:21:48","guid":{"rendered":"https:\/\/chuyendoiso.haiphong.gov.vn\/?p=4036"},"modified":"2025-04-17T09:22:52","modified_gmt":"2025-04-17T09:22:52","slug":"cap-nhat-ban-va-lo-hong-bao-mat-thang-5","status":"publish","type":"post","link":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/2024\/06\/01\/cap-nhat-ban-va-lo-hong-bao-mat-thang-5\/","title":{"rendered":"C\u1eadp nh\u1eadt b\u1ea3n v\u00e1 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt th\u00e1ng 5"},"content":{"rendered":"

Trong th\u00e1ng 5\/2024, Microsoft, Adobe v\u00e0 Apple l\u1ea7n l\u01b0\u1ee3t ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 cho c\u00e1c s\u1ea3n ph\u1ea9m c\u1ee7a m\u00ecnh. Ng\u01b0\u1eddi d\u00f9ng c\u1ea7n kh\u1ea9n tr\u01b0\u01a1ng c\u00e0i \u0111\u1eb7t b\u1ea3n v\u00e1 \u0111\u1ec3 ph\u00f2ng tr\u00e1nh r\u1ee7i ro m\u1ea5t an to\u00e0n th\u00f4ng tin.<\/strong><\/p>\n

Microsoft<\/strong><\/p>\n

\"C\u1eadp<\/a><\/div>\n

 <\/p>\n

Trung tu\u1ea7n th\u00e1ng 5, g\u00e3 kh\u1ed5ng l\u1ed3 c\u00f4ng ngh\u1ec7 Microsoft ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 Patch Tuesday \u0111\u1ec3 gi\u1ea3i quy\u1ebft 61 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt, trong \u0111\u00f3 c\u00f3: 17 l\u1ed7 h\u1ed5ng leo thang \u0111\u1eb7c quy\u1ec1n, 2 l\u1ed7 h\u1ed5ng v\u01b0\u1ee3t qua c\u00e1c t\u00ednh n\u0103ng b\u1ea3o m\u1eadt, 27 l\u1ed7 h\u1ed5ng RCE, 7 l\u1ed7 h\u1ed5ng ti\u1ebft l\u1ed9 th\u00f4ng tin, 3 l\u1ed7 h\u1ed5ng t\u1eeb ch\u1ed1i d\u1ecbch v\u1ee5, 4 l\u1ed7 h\u1ed5ng cho ph\u00e9p t\u1ea5n c\u00f4ng gi\u1ea3 m\u1ea1o, 1 l\u1ed7 h\u1ed5ng XSS.<\/p>\n

\u0110\u00e1ng ch\u00fa \u00fd, v\u1ea3n v\u00e1 Patch Tuesday th\u00e1ng 5 \u0111\u00e3 x\u1eed l\u00fd 3 l\u1ed7 h\u1ed5ng zero-day, trong \u0111\u00f3 c\u00f3 2 l\u1ed7 h\u1ed5ng b\u1ecb khai th\u00e1c t\u00edch c\u1ef1c:<\/p>\n

L\u1ed7 h\u1ed5ng bypass tr\u00ean n\u1ec1n t\u1ea3ng Windows MSHTML \u0111\u1ecbnh danh CVE-2024-30040<\/em><\/p>\n

\u0110\u1ec3 khai th\u00e1c l\u1ed7 h\u1ed5ng n\u00e0y, c\u00e1c t\u00e1c nh\u00e2n \u0111e d\u1ecda s\u1ebd ph\u1ea3i thuy\u1ebft ph\u1ee5c ng\u01b0\u1eddi d\u00f9ng t\u1ea3i t\u1ec7p \u0111\u1ed9c h\u1ea1i v\u00e0o h\u1ec7 th\u1ed1ng d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng, th\u00f4ng qua g\u1eedi email ho\u1eb7c tin nh\u1eafn t\u1ee9c th\u1eddi (Instant Messenger), sau \u0111\u00f3 thuy\u1ebft ph\u1ee5c ng\u01b0\u1eddi d\u00f9ng th\u1ef1c hi\u1ec7n c\u00e1c thao t\u00e1c \u0111\u1ed1i v\u1edbi v\u1edbi t\u1ec7p \u0111\u1ed9c h\u1ea1i n\u00e0y.<\/p>\n

\u201cK\u1ebb t\u1ea5n c\u00f4ng kh\u00f4ng \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c khi khai th\u00e1c th\u00e0nh c\u00f4ng l\u1ed7 h\u1ed5ng CVE-2024-30040 c\u00f3 th\u1ec3 th\u1ef1c thi m\u00e3 th\u00f4ng qua vi\u1ec7c c\u1ed1 g\u1eafng thuy\u1ebft ph\u1ee5c ng\u01b0\u1eddi d\u00f9ng m\u1edf m\u1ed9t t\u1ec7p t\u00e0i li\u1ec7u \u0111\u1ed9c h\u1ea1i. T\u1ea1i th\u1eddi \u0111i\u1ec3m \u0111\u00f3, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 th\u1ef1c thi m\u00e3 t\u00f9y \u00fd trong ng\u1eef c\u1ea3nh c\u1ee7a ng\u01b0\u1eddi d\u00f9ng\u201d, Micrsoft gi\u1ea3i th\u00edch.<\/p>\n

Hi\u1ec7n ch\u01b0a r\u00f5 l\u1ed7 h\u1ed5ng n\u00e0y \u0111\u00e3 b\u1ecb l\u1ea1m d\u1ee5ng nh\u01b0 th\u1ebf n\u00e0o trong c\u00e1c\u00a0cu\u1ed9c t\u1ea5n c\u00f4ng\u00a0hay nh\u00e0 nghi\u00ean c\u1ee9u n\u00e0o \u0111\u00e3 ph\u00e1t hi\u1ec7n ra n\u00f3.<\/p>\n

L\u1ed7 h\u1ed5ng leo thang \u0111\u1eb7c quy\u1ec1n trong th\u01b0 vi\u1ec7n Windows DWM Core \u0111\u1ecbnh danh CVE-2024-30051<\/em><\/p>\n

Microsoft \u0111\u00e3 x\u1eed l\u00fd l\u1ed7 h\u1ed5ng CVE-2024-30051 t\u1ed3n t\u1ea1i trong th\u01b0 vi\u1ec7n Windows DWM Core \u0111ang \u0111\u01b0\u1ee3c khai th\u00e1c t\u00edch c\u1ef1c \u0111\u1ec3 gi\u00e0nh \u0111\u01b0\u1ee3c c\u00e1c \u0111\u1eb7c quy\u1ec1n h\u1ec7 th\u1ed1ng SYSTEM. Kaspersky cho bi\u1ebft c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng l\u1eeba \u0111\u1ea3o b\u1eb1ng ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i Qakbot g\u1ea7n \u0111\u00e2y \u0111\u00e3 s\u1eed d\u1ee5ng c\u00e1c t\u1ec7p t\u00e0i li\u1ec7u \u0111\u1ed9c h\u1ea1i \u0111\u1ec3 khai th\u00e1c l\u1ed7 h\u1ed5ng CVE-2024-30051 v\u00e0 gi\u00e0nh \u0111\u01b0\u1ee3c c\u00e1c \u0111\u1eb7c quy\u1ec1n SYSTEM tr\u00ean thi\u1ebft b\u1ecb Windows.<\/p>\n

Adobe<\/strong><\/p>\n

\"C\u1eadp<\/a><\/div>\n

 <\/p>\n

C\u0169ng trong th\u00e1ng 5, Adobe \u0111\u00e3 ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 \u0111\u1ec3 gi\u1ea3i quy\u1ebft 37\u00a0l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt\u00a0trong c\u00e1c s\u1ea3n ph\u1ea9m Adobe Acrobat and Reader, Illustrator, Substance3D Painter, Adobe Aero, Substance3D Designer, Adobe Animate, FrameMaker, v\u00e0 Dreamweaver. Trong 37 l\u1ed7 h\u1ed5ng c\u00f3 26 l\u1ed7 h\u1ed5ng x\u1ebfp h\u1ea1ng m\u1ee9c \u0111\u1ed9 nghi\u00eam tr\u1ecdng, 10 l\u1ed7 h\u1ed5ng x\u1ebfp h\u1ea1ng m\u1ee9c \u0111\u1ed9 quan tr\u1ecdng v\u00e0 1 l\u1ed7 h\u1ed5ng x\u1ebfp h\u1ea1ng trung b\u00ecnh.<\/p>\n

\u1ede b\u1ea3n c\u1eadp nh\u1eadt l\u1ea7n n\u00e0y, h\u00e3ng Adobe t\u1eadp trung v\u00e0o v\u00e1 c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt cho s\u1ea3n ph\u1ea9m Reader, m\u1ed9t s\u1ea3n ph\u1ea9m \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng r\u1ed9ng r\u00e3i. V\u1edbi r\u1ea5t nhi\u1ec1u l\u1ed7 h\u1ed5ng \u0111\u01b0\u1ee3c x\u1ebfp h\u1ea1ng nghi\u00eam tr\u1ecdng v\u00e0 th\u01b0\u1eddng xuy\u00ean b\u1ecb tin t\u1eb7c khai th\u00e1c l\u1ee3i d\u1ee5ng nh\u01b0 CVE-2024-30284, CVE-2024-34094, CVE-2024-34095, CVE-2024-34096, CVE-2024-34097 \u0111\u1ec1u b\u1ecb khai th\u00e1c l\u1ed7i User-After-Free. N\u1ebfu b\u1ecb l\u1ee3i d\u1ee5ng, tin t\u1eb7c c\u00f3 th\u1ec3 th\u1ef1c thi c\u00e1c m\u00e3 \u0111\u1ed9c t\u00f9y \u00fd.<\/p>\n

M\u1eb7c d\u00f9 kh\u00f4ng c\u00f3 l\u1ed7 h\u1ed5ng n\u00e0o \u0111\u01b0\u1ee3c b\u00e1o c\u00e1o l\u00e0 \u0111ang b\u1ecb t\u00edch c\u1ef1c khai th\u00e1c nh\u01b0ng c\u00f3 m\u1ed9t s\u1ed1 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt c\u1ee7a s\u1ea3n ph\u1ea9m Reader b\u1ecb \u0111\u00e1nh gi\u00e1 l\u00e0 c\u00f3 nguy c\u01a1 cao s\u1ebd b\u1ecb khai th\u00e1c. Nh\u00e0 cung c\u1ea5p Adobe khuy\u1ebfn c\u00e1o ng\u01b0\u1eddi d\u00f9ng nhanh ch\u00f3ng c\u1eadp nh\u1eadt b\u1ea3n v\u00e1 \u0111\u1ec3 tr\u00e1nh b\u1ecb tin t\u1eb7c khai th\u00e1c c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt tr\u00ean c\u00e1c s\u1ea3n ph\u1ea9m c\u1ee7a m\u00ecnh.<\/p>\n

Apple<\/strong><\/p>\n

\"C\u1eadp<\/a><\/div>\n

 <\/p>\n

\u1ede m\u1ed9t \u0111\u1ed9ng th\u00e1i kh\u00e1c, Apple \u0111\u00e3 ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 cho h\u1ec7 \u0111i\u1ec1u h\u00e0nh macOS, ipadOS v\u00e0 iOS. \u0110\u00e1ng ch\u00fa \u00fd,\u00a0l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt\u00a0\u0111\u1ecbnh danh CVE-2024-23296 tr\u00ean c\u00e1c phi\u00ean b\u1ea3n iOS 16.7.8 v\u00e0 ipadOS 16.7.8, l\u1ed7 h\u1ed5ng n\u00e0y khai th\u00e1c m\u1ed9t s\u1ef1 c\u1ed1 trong b\u1ed9 nh\u1edb c\u1ee7a th\u00e0nh ph\u1ea7n RTKit c\u1ee7a h\u1ec7 \u0111i\u1ec1u h\u00e0nh, c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng b\u1ecf qua c\u00e1c bi\u1ec7n ph\u00e1p b\u1ea3o v\u1ec7 b\u1ed9 nh\u1edb c\u1ee7a nh\u00e2n h\u1ec7 \u0111i\u1ec1u h\u00e0nh. L\u1ed7 h\u1ed5ng n\u00e0y \u0111ang \u0111\u01b0\u1ee3c b\u00e1o c\u00e1o l\u00e0 \u0111ang b\u1ecb t\u00edch c\u1ef1c khai th\u00e1c. V\u00ec v\u1eady, \u0111\u1ec3 b\u1ea3o v\u1ec7 c\u00e1c thi\u1ebft b\u1ecb \u0111ang s\u1eed d\u1ee5ng c\u00e1c h\u1ec7 \u0111i\u1ec1u h\u00e0nh b\u1ecb \u1ea3nh h\u01b0\u1edfng, Appple khuy\u1ebfn c\u00e1o ng\u01b0\u1eddi d\u00f9ng h\u00e3y nhanh ch\u00f3ng c\u1eadp nh\u1eadt b\u1ea3n v\u00e1.<\/p>\n

Ngu\u1ed3n tin: https:\/\/antoanthongtin.vn\/<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Trong th\u00e1ng 5\/2024, Microsoft, Adobe v\u00e0 Apple l\u1ea7n l\u01b0\u1ee3t ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 cho c\u00e1c s\u1ea3n ph\u1ea9m c\u1ee7a m\u00ecnh. Ng\u01b0\u1eddi d\u00f9ng c\u1ea7n kh\u1ea9n tr\u01b0\u01a1ng c\u00e0i \u0111\u1eb7t b\u1ea3n v\u00e1 \u0111\u1ec3 ph\u00f2ng tr\u00e1nh r\u1ee7i ro m\u1ea5t an to\u00e0n th\u00f4ng tin. Microsoft   Trung tu\u1ea7n th\u00e1ng 5, g\u00e3 kh\u1ed5ng l\u1ed3 c\u00f4ng ngh\u1ec7 Microsoft ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 Patch […]<\/p>\n","protected":false},"author":6,"featured_media":4039,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[13],"tags":[],"class_list":{"0":"post-4036","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tin-tuc"},"_links":{"self":[{"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/posts\/4036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/comments?post=4036"}],"version-history":[{"count":1,"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/posts\/4036\/revisions"}],"predecessor-version":[{"id":4044,"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/posts\/4036\/revisions\/4044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/media\/4039"}],"wp:attachment":[{"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/media?parent=4036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/categories?post=4036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chuyendoiso.haiphong.gov.vn\/index.php\/wp-json\/wp\/v2\/tags?post=4036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}