{"id":2331,"date":"2023-01-11T15:14:12","date_gmt":"2023-01-11T07:14:12","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=2331"},"modified":"2023-02-13T14:06:40","modified_gmt":"2023-02-13T06:06:40","slug":"%e7%be%8e%e5%9c%8bcisa-%e4%b8%8b%e4%bb%a4%e8%81%af%e9%82%a6%e6%a9%9f%e6%a7%8b%e4%bf%ae%e8%a3%9c%e8%a2%ab%e5%8b%92%e7%b4%a2%e8%bb%9f%e9%ab%94%e9%9b%86%e5%9c%98%e6%bf%ab%e7%94%a8%e7%9a%84exchange","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=2331","title":{"rendered":"\u7f8e\u570bCISA \u4e0b\u4ee4\u806f\u90a6\u6a5f\u69cb\u4fee\u88dc\u88ab\u52d2\u7d22\u8edf\u9ad4\u96c6\u5718\u6feb\u7528\u7684Exchange \u4f3a\u670d\u5668\u6f0f\u6d1e"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"821\" height=\"578\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-3.png\" alt=\"\" class=\"wp-image-2332\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-3.png 821w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-3-300x211.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-3-768x541.png 768w\" sizes=\"auto, (max-width: 821px) 100vw, 821px\" \/><\/figure>\n\n\n\n<p>\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09\u57281\u670810\u65e5\u5728\u5176\u5df2\u77e5\u6feb\u7528\u8cc7\u5b89\u6f0f\u6d1e(Known Exploited Vulnerabilities)\u6e05\u55ae\u4e2d\u53c8\u589e\u52a0\u4e86<a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2023\/01\/10\/cisa-adds-two-known-exploited-vulnerabilities-catalog\">\u5169\u500b\u6f0f\u6d1e<\/a>\u3002<\/p>\n\n\n\n<p>\u7b2c\u4e00\u500b\u6f0f\u6d1e\u70baCVE-2022-41080\uff0c \u5c6c\u65bcExchange\u4f3a\u670d\u5668\u7279\u6b0a\u63d0\u5347\u7684\u6f0f\u6d1e\uff0c\u53ef\u8207ProxyNotShell\u6f0f\u6d1e(CVE-2022-41082)\u9023\u7d50\u8d77\u4f86\u5be6\u73fe\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002\u6839\u64da\u7e3d\u90e8\u4f4d\u65bc\u5fb7\u5dde\u7684\u96f2\u7aef\u670d\u52d9\u696d\u8005 Rackspace\u4e00\u5468\u524d\u7684\u8b49\u5be6\uff0cPlay\u8edf\u9ad4\u96c6\u5718\u5229\u7528\u5b83\u4f5c\u70ba\u96f6\u6642\u5dee\u6f0f\u6d1e\u4f86\u7e5e\u904eMicrosoft\u7684ProxyNotShell URL \u91cd\u5beb\u7de9\u89e3\u63aa\u65bd\u5f9e\u800c\u6feb\u7528\u7db2\u9801\u7248\u90f5\u4ef6\u7ba1\u7406\u4ecb\u9762Outlook Web Access\uff08OWA\uff09\u4f86\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u4f86\u653b\u64caExchange\u3002\u8cc7\u5b89\u516c\u53f8CrowdStrike \u5c07\u6b64\u6f0f\u6d1e\u5229\u7528\u624b\u6cd5\u7a31\u70ba\u201cOWASSRF\u201d\uff0c\u5728\u6210\u529f\u5165\u4fb5\u5f8c\uff0c\u99ed\u5ba2\u4fbf\u5229\u7528\u9060\u7aef\u5b58\u53d6\u5de5\u5177Plink\u3001AnyDesk\u4f86\u7dad\u6301\u5b58\u53d6\uff0c\u4e26\u5728Exchange\u4f3a\u670d\u5668\u4e0a\u57f7\u884c\u53cd\u53d6\u8b49\u6280\u8853\u4ee5\u8a66\u5716\u96b1\u85cf\u4ed6\u5011\u7684\u64ca\u884c\u52d5\uff0c\u9019\u53ef\u4f7f\u5176\u4ed6\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u66f4\u5bb9\u6613\u5efa\u7acb\u81ea\u5df1\u81ea\u8a02\u7fa9\u7684\u6f0f\u6d1e\u5229\u7528\u7a0b\u5f0f\u6216\u6839\u64da\u81ea\u5df1\u7684\u76ee\u7684\u8abf\u6574 Play \u52d2\u7d22\u8edf\u9ad4\u7684\u5de5\u5177\uff0c\u5f9e\u800c\u589e\u52a0\u4e86\u76e1\u5feb\u66f4\u65b0\u548c\u4fee\u88dc\u6f0f\u6d1e\u7684\u7dca\u8feb\u6027\u3002<\/p>\n\n\n\n<p>CISA\u5efa\u8b70\u64c1\u6709\u843d\u5730Exchange \u4f3a\u670d\u5668\u7684\u7d44\u7e54\u7acb\u5373\u90e8\u7f72\u6700\u65b0\u7684 Exchange \u5b89\u5168\u66f4\u65b0\u6216\u7981\u7528\u7db2\u9801\u7248\u90f5\u4ef6\u7ba1\u7406\u4ecb\u9762(OWA)\uff0c\u76f4\u5230\u4ed6\u5011\u53ef\u4ee5\u61c9\u7528 CVE-2022-41080 \u4fee\u88dc\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-4-1024x567.png\" alt=\"\" class=\"wp-image-2333\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-4-1024x567.png 1024w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-4-300x166.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-4-768x425.png 768w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-4-1536x850.png 1536w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/01\/image-4.png 1583w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>CISA \u65b0\u589e\u5230\u5176\u5df2\u77e5\u6feb\u7528\u8cc7\u5b89\u6f0f\u6d1e\u6e05\u55ae\u4e2d\u7684\u7b2c\u4e8c\u500b\u6f0f\u6d1e\u662fWindows \u9032\u968e\u672c\u6a5f\u7a0b\u5e8f\u547c\u53eb\uff08Advanced Local Procedure Call\uff0cALPC\uff09\u4e2d\u7684\u7279\u6b0a\u5347\u7d1a\u6642\u5dee\u6f0f\u6d1e ( CVE-2023-21674 )\uff0c\u88ab\u6a19\u8a18\u70ba\u5df2\u5728\u653b\u64ca\u4e2d\u88ab\u5229\u7528\uff0c\u5fae\u8edf\u5728\u672c\u6708\u5b89\u5168\u66f4\u65b0Patch Tuesday\u91cb\u51fa\u4fee\u88dc\uff0cCISA\u4e0b\u4ee4\u806f\u90a6\u6a5f\u69cb\u5fc5\u9808\u5728 1 \u6708\u5e95\u4e4b\u524d\u5b8c\u6210\u4fee\u88dc\u3002CISA \u65bc 2021 \u5e74 11 \u6708\u767c\u5e03\u5177\u6709<a href=\"https:\/\/www.cisa.gov\/binding-operational-directive-22-01\">\u7d04\u675f\u6027\u4f5c\u696d\u6307\u5f15<\/a>:\u964d\u4f4e\u5df2\u77e5\u88ab\u958b\u63a1\u6f0f\u6d1e\u7684\u91cd\u5927\u98a8\u96aa(Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities)\uff0c\u70ba\u4e86\u806f\u90a6\u6c11\u4e8b\u57f7\u884c\u6a5f\u69cb (Federal Civilian Executive Branch) \u7684\u7db2\u8def\u514d\u53d7\u6dfb\u52a0\u5df2\u77e5\u6feb\u7528\u8cc7\u5b89\u6f0f\u6d1e\u7684\u4fb5\u5bb3\uff0c\u53ef\u7d04\u675f\u5176\u5728\u7279\u5b9a\u6642\u9593\u5167\u5b8c\u6210\u4fee\u88dc\u3002\u6b64\u6b21CISA\u7d66\u4e88 FCEB \u6a5f\u69cb\u4e09\u9031\u7684\u6642\u9593\uff0c\u76f4\u5230 1 \u6708 31 \u65e5\uff0c\u4ee5\u4fee\u88dc\u9019\u5169\u500b\u5b89\u5168\u6f0f\u6d1e\u4e26\u963b\u6b62\u91dd\u5c0d\u5176\u7cfb\u7d71\u7684\u6f5b\u5728\u653b\u64ca\u3002CISA \u8b66\u544a\u8aaa\u201c\u9019\u4e9b\u985e\u578b\u7684\u6f0f\u6d1e\u662f\u60e1\u610f\u7db2\u8def\u53c3\u8207\u8005\u7684\u5e38\u898b\u653b\u64ca\u5a92\u4ecb\uff0c\u4e26\u5c0d\u806f\u90a6\u4f01\u696d\u69cb\u6210\u91cd\u5927\u98a8\u96aa\u3002<\/p>\n\n\n\n<p>\u96d6\u7136\u8a72\u6307\u4ee4\u50c5\u9069\u7528\u65bc\u7f8e\u570b\u806f\u90a6\u6a5f\u69cb\uff0c\u4f46 CISA \u9084\u5f37\u70c8\u6566\u4fc3\u6240\u6709\u7d44\u7e54\u4fee\u88dc\u9019\u4e9b\u6f0f\u6d1e\u4ee5\u907f\u514d\u53d7\u5230\u653b\u64ca\u3002\u81ea BOD 22-01 \u6307\u4ee4\u767c\u5e03\u4ee5\u4f86\uff0cCISA \u5728\u5176\u88ab\u5728\u5176\u5df2\u77e5\u6feb\u7528\u8cc7\u5b89\u6f0f\u6d1e\u6e05\u55ae\u4e2d\u589e\u52a0\u4e86 800 \u591a\u500b\u5b89\u5168\u6f0f\u6d1e\uff0c\u8981\u6c42\u806f\u90a6\u6a5f\u69cb\u4ee5\u66f4\u7dca\u8feb\u7684\u6642\u9593\u8868\u89e3\u6c7a\u9019\u4e9b\u6f0f\u6d1e\uff0c\u4ee5\u9632\u6b62\u6f5b\u5728\u7684\u5b89\u5168\u6f0f\u6d1e\u3002<\/p>\n\n\n\n<p>&nbsp;&#8220;\u8f49\u8cbc\u3001\u5206\u4eab\u6216\u5f15\u7528\u6587\u7ae0\u5167\u5bb9\uff0c\u8acb\u8a3b\u660e\u51fa\u8655\u70ba\u7ae3\u76df\u79d1\u6280&nbsp;<a href=\"https:\/\/www.billows.com.tw\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.billows.com.tw<\/a>&nbsp;, \u4ee5\u514d\u89f8\u6cd5&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09\u57281\u670810\u65e5\u5728\u5176\u5df2\u77e5\u6feb\u7528\u8cc7\u5b89\u6f0f\u6d1e(Known Exploited Vu <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=2331\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[191,239],"class_list":["post-2331","post","type-post","status-publish","format-standard","hentry","category-6","tag-cisa","tag-patch"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2331"}],"version-history":[{"count":4,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2331\/revisions"}],"predecessor-version":[{"id":2466,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2331\/revisions\/2466"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}