A .doc File Could Put Your Windows Computer at Risk

Key Takeaways

  • A new Windows zero-click attack that can compromise machines without any user action has been observed in the wild.
  • Microsoft has acknowledged the issue and released remediation steps, but the bug does not yet have an official patch.
  • Security researchers see the bug being actively exploited and expect more attacks in the future.
Hackers have found a way to break into a Windows computer simply by sending a specially crafted malicious file.

Dubbed Follina, the bug is quite serious because it can let hackers take complete control of any Windows system just by sending a modified Microsoft Office document. In some cases, people don't even have to open the file, as the Windows file preview is enough to trigger the malicious payload. Notably, Microsoft has acknowledged the bug but has not yet released a fix to eliminate it.

"This vulnerability should still be at the top of the list of things to worry about," Dr. Johannes Ullrich, Dean of Research at SANS Technology Institute, wrote in the SANS weekly newsletter. "While anti-malware vendors are quickly updating signatures, they are inadequate to protect against the wide range of exploits that may take advantage of this vulnerability."

Preview to Compromise

The threat was first spotted by security researchers in Japan toward the end of May, by way of a malicious Word document.

Security researcher Kevin Beaumont unpacked the vulnerability and discovered that the .doc file loaded a spurious piece of HTML code, which then called on the Microsoft Diagnostics Tool to execute PowerShell code, which in turn ran the malicious payload.

Windows uses the Microsoft Diagnostic Tool (MSDT) to collect and send diagnostic information when something goes wrong with the operating system. Apps call the tool using the special MSDT URL protocol (ms-msdt://), which Follina aims to exploit.
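As an added example (not part of the original article or any vendor's tooling), this Python triage helper flags HTML or text that references the `ms-msdt:` scheme described above, after undoing HTML-entity and percent encoding. The sample inputs are constructed and the function names are hypothetical.

```python
import html
import re
from urllib.parse import unquote

# Scheme named in the article; case-insensitive, tolerating stray whitespace
# before the colon.
SCHEME_RE = re.compile(r"ms-msdt\s*:", re.IGNORECASE)

# Constructed sample inputs (not real captures); PLACEHOLDER stands in for
# whatever follows the scheme.
SAMPLES = {
    "benign.html": '<a href="https://example.invalid/help">Run diagnostics</a>',
    "mention.txt": "The helpdesk asked me to run msdt.exe from the Start menu.",
    "plain.html": '<a href="ms-msdt:PLACEHOLDER">x</a>',
    "mixed_case.html": '<a href="Ms-MsDt:PLACEHOLDER">x</a>',
    "entity.html": '<a href="ms-msdt&#58;PLACEHOLDER">x</a>',
    "percent.html": '<a href="ms%2Dmsdt%3APLACEHOLDER">x</a>',
    "double.html": '<a href="ms-msdt%253APLACEHOLDER">x</a>',
}


def normalize(text, rounds=3):
    """Undo HTML-entity and percent encoding, repeating to unwrap nesting."""
    for _ in range(rounds):
        decoded = unquote(html.unescape(text))
        if decoded == text:
            break
        text = decoded
    return text


def find_msdt_references(text):
    """Return (offset, snippet) pairs for each ms-msdt: reference found."""
    norm = normalize(text)
    hits = []
    for m in SCHEME_RE.finditer(norm):
        start = max(0, m.start() - 20)
        hits.append((m.start(), norm[start:m.end() + 20]))
    return hits


def triage(samples):
    """Map each sample name to True when it references the scheme."""
    return {name: bool(find_msdt_references(body)) for name, body in samples.items()}


if __name__ == "__main__":
    for name, flagged in triage(SAMPLES).items():
        print(f"{name:16} {'FLAG' if flagged else 'ok'}")
```

Text that merely discusses the scheme also matches, so treat a hit as a triage signal for content attached to or fetched by Office documents rather than as a verdict.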

"This exploit is a mountain of exploits stacked on top of each other. However, it is unfortunately easy to re-create and cannot be detected by anti-virus," wrote security advocates on Twitter.

In an email discussion with Lifewire, Nikolas Cemerikic, Cyber Security Engineer at Immersive Labs, explained that Follina is unique. It doesn't take the usual route of misusing Office macros, which is why it can wreak havoc even for people who have disabled macros.

"For many years, email phishing, combined with malicious Word documents, has been the most effective way to gain access to a user's system," pointed out Cemerikic. "The risk now is heightened by the Follina attack, as the victim only needs to open a document, or in some cases, view a preview of the document via the Windows preview pane, while removing the need to approve security warnings."

Microsoft was quick to put out some remediation steps to mitigate the risks posed by Follina. John Hammond, a security researcher at Huntress, wrote about them in the company's deep-dive blog post on the bug: "They involve changing settings in the Windows Registry, which is serious business because an incorrect Registry entry could brick your machine."

While Microsoft hasn't released an official patch to fix the issue, there is an unofficial one from the 0patch project.

Talking through the fix, Mitja Kolsek, founder of the 0patch project, wrote that while it would be simple to disable the Microsoft Diagnostic Tool altogether or to codify Microsoft's remediation steps into a patch, the project went for a different approach, as both of these options would negatively impact the performance of the Diagnostic Tool.

It's Just Begun

Cybersecurity vendors have already started seeing the flaw being actively exploited against some high-profile targets in the US and Europe.

Although all current exploits in the wild seem to use Office documents, Follina can be abused through other attack vectors, explained Cemerikic.

Explaining why he believes Follina won't go away any time soon, Cemerikic said that, as with any exploit or vulnerability, hackers eventually start developing and releasing tools to aid exploitation efforts. This essentially turns these exploits into point-and-click attacks.

"Attackers don't need to understand how the attack works or chain together a series of vulnerabilities, all they need to do is click 'run' on a tool," said Cemerikic.

He argued that this is exactly what the cybersecurity community has witnessed over the past week, with a very serious exploit being put into the hands of less capable or uneducated attackers and script kiddies.

"As time progresses, the more these tools become available, the more Follina will be used as a method of malware delivery to compromise target machines," warned Cemerikic, urging people to patch their Windows machines without delay.
