{"id":3572,"date":"2025-02-07T15:07:17","date_gmt":"2025-02-07T07:07:17","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3572"},"modified":"2025-02-07T15:16:44","modified_gmt":"2025-02-07T07:16:44","slug":"cisa-%e6%9c%80%e6%96%b0%e8%ad%a6%e5%91%8a%ef%bc%9amicrosoft-outlook%e3%80%81sophos-xg-firewall-%e6%bc%8f%e6%b4%9e%e9%81%ad%e6%94%bb%e6%93%8a%ef%bc%8c%e5%88%97%e5%85%a5%e3%80%8c%e5%b7%b2%e7%9f%a5","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3572","title":{"rendered":"CISA \u6700\u65b0\u8b66\u544a\uff1aMicrosoft Outlook\u3001Sophos XG Firewall \u6f0f\u6d1e\u906d\u653b\u64ca\uff0c\u5217\u5165\u300c\u5df2\u77e5\u88ab\u5229\u7528\u6f0f\u6d1e\u300d\u6e05\u55ae"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"865\" height=\"620\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/02\/image-1.png\" alt=\"\" class=\"wp-image-3573\" style=\"width:1140px;height:auto\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/02\/image-1.png 865w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/02\/image-1-300x215.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2025\/02\/image-1-768x550.png 768w\" sizes=\"auto, (max-width: 865px) 100vw, 865px\" \/><\/figure>\n\n\n\n<p><strong>\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u8207\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09<\/strong> \u8fd1\u671f\u64f4\u5927\u5176 <strong>\u300c\u5df2\u77e5\u88ab\u5229\u7528\u6f0f\u6d1e\u300d\uff08Known Exploited Vulnerabilities, KEV\uff09<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">\u76ee\u9304<\/a><\/strong>\uff0c\u65b0\u589e\u591a\u9805\u5df2\u88ab\u653b\u64ca\u8005\u5229\u7528\u7684\u9ad8\u98a8\u96aa\u6f0f\u6d1e\u3002\u9019\u4e00\u8209\u63aa\u986f\u793a\uff0c\u4e0d\u8ad6\u662f <strong>\u653f\u5e9c\u6a5f\u69cb\u9084\u662f\u79c1\u71df\u4f01\u696d<\/strong>\uff0c\u90fd\u61c9\u7acb\u5373\u63a1\u53d6\u884c\u52d5\uff0c\u4fee\u88dc\u9019\u4e9b\u5df2\u77e5\u5b89\u5168\u7f3a\u9677\uff0c\u4ee5\u9632\u6b62\u5927\u898f\u6a21\u7db2\u8def\u653b\u64ca\u7684\u767c\u751f\u3002<\/p>\n\n\n\n<p><strong>\u65b0\u589e\u81f3 KEV \u76ee\u9304\u7684\u95dc\u9375\u6f0f\u6d1e<\/strong><\/p>\n\n\n\n<p>CISA \u6700\u65b0\u516c\u5e03\u7684\u91cd\u5927\u5b89\u5168\u6f0f\u6d1e\uff0c\u5305\u62ec\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CVE-2025-0411<\/strong> \u2013 7-Zip <strong>\u7db2\u8def\u6a19\u8a18\uff08Mark of the Web\uff09\u7e5e\u904e\u6f0f\u6d1e<\/strong><\/li>\n\n\n\n<li><strong>CVE-2022-23748<\/strong> \u2013 Dante <strong>\u63a2\u7d22\u7a0b\u5e8f\u63a7\u5236\u6f0f\u6d1e<\/strong><\/li>\n\n\n\n<li><strong>CVE-2024-21413<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-21413\"> <\/a><\/strong>\u2013 <strong>Microsoft Outlook \u4e0d\u7576\u8f38\u5165\u9a57\u8b49\u6f0f\u6d1e\uff08\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c RCE\uff09<\/strong><\/li>\n\n\n\n<li><strong>CVE-2020-29574<\/strong> \u2013 CyberoamOS (CROS) <strong>SQL <\/strong><strong>\u6ce8\u5165\u6f0f\u6d1e<\/strong><\/li>\n\n\n\n<li><strong>CVE-2020-15069<\/strong> \u2013 <strong>Sophos XG Firewall \u7de9\u885d\u5340\u6ea2\u51fa\u6f0f\u6d1e<\/strong><\/li>\n<\/ul>\n\n\n\n<p>\u5176\u4e2d\uff0c\u4ee5\u4e0b\u5169\u9805\u6f0f\u6d1e\u5c0d\u4f01\u696d\u8207\u6a5f\u69cb\u7684\u5a01\u8105\u5c24\u70ba\u56b4\u91cd\uff1a<\/p>\n\n\n\n<p><strong>Microsoft Outlook RCE\uff08<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-21413\" title=\"\">CVE-2024-21413<\/a>\uff09\u2014\u2014 \u9ad8\u98a8\u96aa\u653b\u64ca\u5411\u91cf<\/strong><\/p>\n\n\n\n<p><strong>CVE-2024-21413<\/strong> \u7684 <strong>CVSS \u8a55\u5206\u70ba 9.8<\/strong>\uff0c\u5c6c\u65bc <strong>\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\uff08RCE\uff09\u6f0f\u6d1e<\/strong>\uff0c\u653b\u64ca\u8005\u53ef\u5229\u7528\u8a72\u6f0f\u6d1e\u5728 <strong>Microsoft Outlook<\/strong> \u4e0a\u57f7\u884c\u60e1\u610f\u7a0b\u5f0f\uff0c\u4e26\u7372\u53d6 <strong>\u8b80\u53d6\u3001\u5beb\u5165\u53ca\u522a\u9664<\/strong> \u6b0a\u9650\uff0c\u5f71\u97ff\u5c64\u9762\u6975\u5ee3\u3002<\/p>\n\n\n\n<p>Microsoft \u5b98\u65b9\u5b89\u5168\u516c\u544a\u6307\u51fa\uff1a<\/p>\n\n\n\n<p><em>\u300c\u6210\u529f\u5229\u7528\u6b64\u6f0f\u6d1e\u7684\u653b\u64ca\u8005\u53ef\u7e5e\u904e Office \u4fdd\u8b77\u6aa2\u8996\uff08Protected View\uff09\uff0c\u8b93\u6587\u4ef6\u76f4\u63a5\u4ee5\u7de8\u8f2f\u6a21\u5f0f\u958b\u555f\uff0c\u800c\u975e\u53d7\u4fdd\u8b77\u6a21\u5f0f\u3002\u300d<\/em><\/p>\n\n\n\n<p>\u9019\u4ee3\u8868\u653b\u64ca\u8005\u53ef\u900f\u904e <strong>\u60e1\u610f\u90f5\u4ef6\u9644\u4ef6<\/strong> \u76f4\u63a5\u57f7\u884c\u60e1\u610f\u7a0b\u5f0f\u78bc\uff0c\u7e5e\u904e Microsoft \u5167\u5efa\u7684\u5b89\u5168\u6a5f\u5236\u3002\u8003\u616e\u5230 Outlook \u5728\u5168\u7403\u4f01\u696d\u4e2d\u7684\u5ee3\u6cdb\u4f7f\u7528\uff0c\u9019\u500b\u6f0f\u6d1e\u6975\u6709\u53ef\u80fd\u88ab <strong>\u91dd\u5c0d\u6027\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\uff08Spear Phishing\uff09<\/strong> \u6feb\u7528\uff0c\u9032\u800c\u5f15\u767c\u8cc7\u6599\u6d29\u9732\u3001\u60e1\u610f\u7a0b\u5f0f\u611f\u67d3\uff0c\u751a\u81f3\u662f\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u3002<\/p>\n\n\n\n<p><strong>Sophos XG Firewall \u7de9\u885d\u5340\u6ea2\u51fa\u6f0f\u6d1e\uff08<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2020-15069\" title=\"\">CVE-2020-15069<\/a>\uff09\u2014\u2014 \u4f01\u696d\u7db2\u8def\u9632\u7dda\u7684\u6f5b\u5728\u7834\u53e3<\/strong><\/p>\n\n\n\n<p>\u53e6\u4e00\u500b <strong>CVSS 9.8 \u5206\u7684\u6f0f\u6d1e<\/strong> <strong>CVE-2020-15069<\/strong> \u5f71\u97ff <strong>Sophos XG Firewall 17.x \u81f3 17.5 MR12 \u7248\u672c<\/strong>\uff0c\u5c6c\u65bc <strong>\u7de9\u885d\u5340\u6ea2\u51fa\uff08Buffer Overflow\uff09\u6f0f\u6d1e<\/strong>\uff0c\u5141\u8a31\u653b\u64ca\u8005\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\uff0c\u751a\u81f3\u7372\u53d6 <strong>\u9632\u706b\u7246\u7ba1\u7406\u6b0a\u9650<\/strong>\u3002<\/p>\n\n\n\n<p>\u9632\u706b\u7246\u4f5c\u70ba\u4f01\u696d <strong>\u5b89\u5168\u9632\u7dda\u7684\u7b2c\u4e00\u9053\u95dc\u5361<\/strong>\uff0c\u82e5\u906d\u5229\u7528\uff0c\u5c07\u53ef\u80fd\u5c0e\u81f4\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u7db2\u8def\u908a\u754c\u9632\u79a6\u5931\u6548<\/strong>\uff0c\u653b\u64ca\u8005\u53ef\u76f4\u63a5\u6ef2\u900f\u5167\u90e8\u7db2\u8def<\/li>\n\n\n\n<li><strong>APT<\/strong><strong>\uff08\u9ad8\u7d1a\u6301\u7e8c\u6027\u5a01\u8105\uff09\u7d44\u7e54\u9032\u884c\u6a6b\u5411\u79fb\u52d5\uff08Lateral Movement\uff09<\/strong><\/li>\n\n\n\n<li><strong>\u6563\u4f48\u5f8c\u9580\u6216\u5176\u4ed6\u60e1\u610f\u7a0b\u5f0f<\/strong><\/li>\n\n\n\n<li><strong>\u7671\u7613\u7db2\u8def\u5b89\u5168\u76e3\u6e2c\u6a5f\u5236<\/strong>\uff0c\u5c0e\u81f4\u4f01\u696d\u7121\u6cd5\u5bdf\u89ba\u653b\u64ca\u884c\u70ba<\/li>\n<\/ul>\n\n\n\n<p>\u9019\u985e\u6f0f\u6d1e\u7279\u5225\u5bb9\u6613\u88ab <strong>\u4f9b\u61c9\u93c8\u653b\u64ca\uff08Supply Chain Attacks\uff09<\/strong> \u6216 <strong>\u570b\u5bb6\u7d1a\u99ed\u5ba2\u7d44\u7e54<\/strong> \u5229\u7528\uff0c\u56e0\u6b64\u61c9 <strong>\u512a\u5148\u4fee\u88dc<\/strong>\uff0c\u907f\u514d\u6dea\u70ba\u9ad8\u98a8\u96aa\u76ee\u6a19\u3002<\/p>\n\n\n\n<p><strong>\u4f01\u696d\u8207\u6a5f\u69cb\u61c9\u7acb\u5373\u63a1\u53d6\u7684\u884c\u52d5<\/strong><\/p>\n\n\n\n<p>\u6839\u64da<a href=\"https:\/\/www.cisa.gov\/news-events\/directives\/bod-22-01-reducing-significant-risk-known-exploited-vulnerabilities\" title=\"\"> <strong>Binding Operational Directive\uff08BOD\uff0922-01<\/strong><\/a>\u300a\u964d\u4f4e\u5df2\u77e5\u88ab\u5229\u7528\u6f0f\u6d1e\u7684\u91cd\u5927\u98a8\u96aa\u300b\uff0c<strong>\u7f8e\u570b\u806f\u90a6\u6a5f\u69cb\u5fc5\u9808\u5728 2025 \u5e74 2 \u6708 27 \u65e5\u524d\u4fee\u5fa9\u9019\u4e9b\u6f0f\u6d1e<\/strong>\uff0c\u4ee5\u9632\u7bc4\u653b\u64ca\u8005\u5229\u7528\u5df2\u77e5\u5b89\u5168\u5f31\u9ede\u767c\u52d5\u653b\u64ca\u3002<\/p>\n\n\n\n<p>\u96d6\u7136\u8a72\u6307\u4ee4\u4e3b\u8981\u91dd\u5c0d <strong>\u7f8e\u570b\u806f\u90a6\u6a5f\u69cb<\/strong>\uff0c\u4f46 <strong>\u79c1\u71df\u4f01\u696d<\/strong> \u4ea6\u61c9\u4e3b\u52d5\u63a1\u53d6\u884c\u52d5\uff0c\u4ee5\u964d\u4f4e\u6f5b\u5728\u98a8\u96aa\u3002<\/p>\n\n\n\n<p><strong>\u5efa\u8b70\u9632\u79a6\u63aa\u65bd<\/strong><\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>\u7acb\u5373\u90e8\u7f72\u5b89\u5168\u4fee\u88dc\u7a0b\u5f0f\uff08Patch Updates\uff09<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Microsoft Outlook<\/strong><strong>\u3001Sophos XG Firewall\u3001Dante\u3001CyberoamOS \u8207 7-Zip \u7528\u6236\u61c9\u7acb\u5373\u66f4\u65b0\u81f3\u6700\u65b0\u7248\u672c<\/strong>\uff0c\u78ba\u4fdd\u6f0f\u6d1e\u5df2\u4fee\u88dc\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>\u5f37\u5316\u5a01\u8105\u76e3\u6e2c\u8207\u5165\u4fb5\u5075\u6e2c\uff08Threat Hunting &amp; Detection\uff09<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u91dd\u5c0d <strong>CVE-2024-21413<\/strong>\uff0c\u61c9\u52a0\u5f37\u90f5\u4ef6\u65e5\u8a8c\u5206\u6790\uff0c\u6aa2\u67e5\u662f\u5426\u6709 <strong>\u53ef\u7591\u90f5\u4ef6\u9644\u4ef6\u6216 Outlook \u9032\u7a0b\u7570\u5e38\u884c\u70ba<\/strong>\u3002<\/li>\n\n\n\n<li>\u91dd\u5c0d <strong>CVE-2020-15069<\/strong>\uff0c\u61c9\u5f37\u5316\u9632\u706b\u7246\u76e3\u63a7\uff0c\u6aa2\u6e2c <strong>\u7570\u5e38\u6d41\u91cf\u6a21\u5f0f<\/strong> \u6216 <strong>\u672a\u6388\u6b0a\u5b58\u53d6\u884c\u70ba<\/strong>\u3002<\/li>\n\n\n\n<li>\u90e8\u7f72 <strong>\u7aef\u9ede\u5075\u6e2c\u8207\u56de\u61c9\uff08EDR\uff09<\/strong> \u53ca <strong>\u7db2\u8def\u5165\u4fb5\u5075\u6e2c\u7cfb\u7d71\uff08NIDS\uff09<\/strong>\uff0c\u63d0\u9ad8\u5373\u6642\u5a01\u8105\u611f\u77e5\u80fd\u529b\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>\u5f37\u5316\u5b58\u53d6\u63a7\u5236\u8207\u7db2\u8def\u5206\u6bb5\uff08Access Control &amp; Network Segmentation\uff09<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u843d\u5be6 <strong>\u96f6\u4fe1\u4efb\u67b6\u69cb\uff08Zero Trust Architecture, ZTA\uff09<\/strong>\uff0c\u78ba\u4fdd\u654f\u611f\u7cfb\u7d71\u53ea\u5141\u8a31\u6388\u6b0a\u5b58\u53d6\u3002<\/li>\n\n\n\n<li>\u9650\u5236\u9632\u706b\u7246\u7ba1\u7406\u4ecb\u9762\u7684\u5b58\u53d6\u6b0a\u9650\uff0c\u4e26\u5c0d\u6240\u6709 <strong>\u7ba1\u7406\u5e33\u865f<\/strong> \u5f37\u5236\u555f\u7528 <strong>\u591a\u91cd\u9a57\u8b49\uff08MFA\uff09<\/strong>\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>\u63d0\u5347\u54e1\u5de5\u5b89\u5168\u610f\u8b58\u8207\u4e8b\u4ef6\u61c9\u8b8a\u80fd\u529b\uff08Security Awareness &amp; Incident Response\uff09<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u91dd\u5c0d <strong>CVE-2024-21413<\/strong>\uff0c\u5f37\u5316 <strong>\u54e1\u5de5\u8cc7\u5b89\u6559\u80b2<\/strong>\uff0c\u8b93\u54e1\u5de5\u8b58\u5225\u91e3\u9b5a\u90f5\u4ef6\uff0c\u907f\u514d\u9ede\u64ca\u53ef\u7591\u9644\u4ef6\u3002<\/li>\n\n\n\n<li>\u6e2c\u8a66 <strong>\u4e8b\u4ef6\u61c9\u8b8a\uff08Incident Response, IR\uff09\u8a08\u756b<\/strong>\uff0c\u78ba\u4fdd\u80fd\u5728\u6f0f\u6d1e\u88ab\u5229\u7528\u6642 <strong>\u5373\u6642\u61c9\u8b8a\u3001\u963b\u6b62\u64f4\u6563<\/strong>\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>\u7d50\u8ad6\uff1a\u63d0\u65e9\u9632\u7bc4\uff0c\u6e1b\u5c11\u653b\u64ca\u98a8\u96aa<\/strong><\/p>\n\n\n\n<p>CISA \u6b64\u6b21\u5c07 <strong>Microsoft Outlook<\/strong> \u8207 <strong>Sophos XG Firewall<\/strong> \u7b49\u6f0f\u6d1e\u7d0d\u5165 KEV \u76ee\u9304\uff0c\u518d\u6b21\u63d0\u9192\u4f01\u696d <strong>\u6838\u5fc3\u696d\u52d9\u61c9\u7528\u8207\u5b89\u5168\u57fa\u790e\u8a2d\u65bd<\/strong> \u4ecd\u662f\u99ed\u5ba2\u7684\u9996\u8981\u653b\u64ca\u76ee\u6a19\u3002<\/p>\n\n\n\n<p>\u9762\u5c0d\u65e5\u76ca\u8907\u96dc\u7684\u7db2\u8def\u653b\u64ca\u74b0\u5883\uff0c\u4f01\u696d\u61c9 <strong>\u7a4d\u6975\u90e8\u7f72\u6f0f\u6d1e\u4fee\u88dc<\/strong>\uff0c\u5f37\u5316 <strong>\u5a01\u8105\u5075\u6e2c\u6a5f\u5236<\/strong>\uff0c\u4e26\u900f\u904e <strong>\u96f6\u4fe1\u4efb\u67b6\u69cb\u3001\u7db2\u8def\u5206\u6bb5\u53ca\u5b89\u5168\u6559\u80b2<\/strong> \u63d0\u5347\u6574\u9ad4\u8cc7\u5b89\u9632\u79a6\u80fd\u529b\u3002<\/p>\n\n\n\n<p>\u552f\u6709 <strong>\u8d85\u524d\u4f48\u7f72\u8207\u6301\u7e8c\u76e3\u63a7<\/strong>\uff0c\u624d\u80fd\u6709\u6548\u964d\u4f4e\u653b\u64ca\u98a8\u96aa\uff0c\u78ba\u4fdd\u4f01\u696d\u8207\u7d44\u7e54\u5728\u9762\u5c0d\u65b0\u578b\u614b\u7db2\u8def\u5a01\u8105\u6642\uff0c\u5177\u5099 <strong>\u66f4\u5f37\u7684\u62b5\u79a6\u80fd\u529b\u8207\u6062\u5fa9\u529b<\/strong>\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u8207\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09 \u8fd1\u671f\u64f4\u5927\u5176 \u300c\u5df2\u77e5\u88ab\u5229\u7528\u6f0f\u6d1e\u300d\uff08Known Exploited Vu <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=3572\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[191,174],"class_list":["post-3572","post","type-post","status-publish","format-standard","hentry","category-6","tag-cisa","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3572"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3572\/revisions"}],"predecessor-version":[{"id":3575,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3572\/revisions\/3575"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3572"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}