奇安信 CERT 2020年3月安全监测报告

奇安信 CERT 奇安信 CERT 3月安全监测报告2020 2020年3月安全监测报告 目录 一、统计信息 .................................................. 1 （一）重点漏洞处置详情 .......................................................................................................................... 1 （二）漏洞危害等级占比 .......................................................................................................................... 4 （三）漏洞类型分类统计 .......................................................................................................................... 5 二、漏洞详情 .................................................. 6 （一）安全风险通告 ................................................................................................................................. 6 （二）漏洞户口 ........................................................................................................................................ 9 三、漏洞追踪 ................................................. 11 （一）月度总热度TOP10漏洞 ................................................................................................................. 11 （二）月度总热度TOP10漏洞变化趋势 ................................................................................................... 12 （三）热度增长速度最快的TOP10漏洞 ................................................................................................... 14 （四）Web漏洞被攻击者利用情况 ........................................................................................................... 15 附录 ......................................................... 18 Jackson 远程代码执行漏洞 ..................................................................................................................... 18 Google Chrome 远程代码执行漏洞 .......................................................................................................... 18 PPP守护程序远程代码执行漏洞 .............................................................................................................. 19 spring-cloud-config-server目录遍历漏洞、任意文件读取漏洞 ........................................................... 20 Microsoft Word 代码执行漏洞 ............................................................................................................... 20 LNK远程执行代码漏洞 ............................................................................................................................. 21 Win32k权限提升漏洞 .............................................................................................................................. 23 Panorama本地特权提升漏洞 .................................................................................................................... 25 Microsoft SMBv3远程代码执行漏洞 ....................................................................................................... 25 通达OA未授权文件包含漏洞 ................................................................................................................... 26 Windows内核栈溢出漏洞 ......................................................................................................................... 27 Python multiprocessing 模块远程代码执行漏洞 ................................................................................... 27 D-Link 身份验证绕过漏洞 ...................................................................................................................... 28 Jenkins Artifactory插件明文密码存储漏洞 ......................................................................................... 29 Jenkins Artifactory插件明文密码传输漏洞 ......................................................................................... 29 Jenkins AWS Steps插件远程代码执行漏洞 ............................................................................................. 30 2020年3月安全监测报告 DrayTek Vigor远程命令执行漏洞 ........................................................................................................... 30 D-Link DSL-2640B 远程凭证泄漏漏洞 ..................................................................................................... 31 Windows Type 1字体解析远程代码执行漏洞 ........................................................................................... 32 Apache ShardingSphere 反序列化漏洞 ................................................................................................... 34 Oracle Coherence&WebLogic反序列化远程代码执行漏洞 ....................................................................... 34 Win32k权限提升漏洞 .............................................................................................................................. 35 Win32k权限提升漏洞 .............................................................................................................................. 37 奇安信CERT ................................................... 40