Vua qua, ISS da canh bao ve
tinh hinh an ninh mang tren toan the gioi len muc 2 tren 4 muc bao dong- can
than trong voi cac diem yeu an ninh va cac nguy co.
Viec nang muc bao dong lan nay bat nguon tu viec xuat hien cac tan cong vao cac
diem yeu Microsoft Animated Curser vulnerability cuoi thang 3 vua qua. Voi nhung
dot “dot kich” nhu vay, mot so luong lon cac trang web tai khu vuc Chau A Thai
Binh Duong da bi loi dung de khai thac diem yeu nay duoi hinh thuc tai file tren
website nhu file dinh kem email, web download/upload, chia se file…
 |
| Anh: Infotecs
|
ISS da mo ta diem yeu tren va cach tan cong cua cac “vi khach dac biet”:
Diem yeu: Mot diem yeu ton tai trong cac dinh dang con tro va
bieu tuong cua Windows co the giup cho ke tan cong thuc hien lenh tu xa. Ke tan
cong se thuc hien khai thac diem yeu nay bang cach tao ra mot con tro hoac file
bieu tuong nguy hiem co kha nang cho phep thuc hien cac lenh tu xa neu nguoi
dung ghe tham mot website nguy hiem hoac xem nhung thong diep email nguy hiem.
Neu thanh cong, ke tan cong co kha nang chiem quyen dieu khien cua he thong bi
anh huong.
Cach tan cong: Microsoft Windows co the cho phep ke tan cong tu
xa thuc hien doan ma nguy hiem bang cach chen cac con tro hoac bieu tuong khong
hop le. Bang cach lua cho nan nhan mo mot file con tro (.ANI), ke tan cong tu xa
co the gay loi cho bo nho de thuc hien lenh tren he thong voi quyen cua nan nhan.
Chung se khai thac diem yeu nay bang cach dat file nguy hiem tren mot website
hoac gui no cho nan nhan qua mot file dinh kem voi email.
Truoc tinh trang tren, ISS da dua ra khuyen cao doi voi nguoi dung la nen cap
nhat cac ban va loi cua Windows cang som cang tot va dong thoi khong truy cap
vao cac website nghi ngo cung nhu khong mo cac email co dia chi la. ISS cung
cung cap cac giai phap bao ve cho he thong mang, cac may tram, cac may chu chong
lai nguy co khai thac diem yeu nay.
Theo VTV
Article source http://w4rum.com/1246.t
| 