Monday, 15 June 2026

Phishing Alert - Beware of Booking.com Phishing Messages Exploiting Suspected Leaked Booking Data

Release Date: 15 Jun 2026

Type: Phishing

Phishing Alert

Current Status and Related Trends

mickmick.net reminds the public to stay alert to phishing attacks impersonating Booking.com and hotel booking notifications. Fraudsters are using what appears to be genuine booking information previously leaked from Booking.com to impersonate the Booking.com platform or hotels, sending travellers emails and WhatsApp messages claiming that there is an issue with their reservation, that payment authorization has failed, or that they must update their payment details within a specified time or their booking will be cancelled. The aim is to lure users into clicking suspicious links and submitting personal information, account credentials, or credit card details.

 

According to public information, Booking.com previously experienced a security incident involving unauthorized access to certain booking data. The affected information may have included guests’ names, email addresses, phone numbers, and communications between guests and accommodation providers. Overseas reports have also indicated that fraudsters have used leaked genuine booking data to send fake Booking.com or hotel messages targeting Japanese travellers as part of further phishing scams.

 

As Booking.com is one of the online travel booking platforms commonly used by Hong Kong residents, local users may also face the same risk. Anyone who has used the platform to book hotels, accommodation, or other travel services should remain vigilant and beware of fraud. Fraudsters may include suspicious links in their messages, directing users to fake login, payment, or verification pages and asking them to enter account passwords, credit card details, one-time passwords, or other sensitive information.

 

Fraudsters may also contact victims through WhatsApp or other instant messaging platforms, asking them to re-verify payment details or complete a so-called booking confirmation process. Such messages often claim that booking information is incomplete and urge users to click suspicious links to provide the missing details. To make the scam appear more convincing, the messages may include genuine information such as the user’s actual check-in date and full guest name.

 

Recently, mickmick.net has also handled phishing cases involving online travel booking platforms such as Booking.com and Klook. These cases show that fraudsters target platforms related to travel bookings by setting up phishing websites to trick users into submitting account details or payment information.

 

The following are phishing website pages from related cases:

 

Image: A phishing website impersonating Booking.com, claiming that users must enter credit card details to proceed with the booking.

 

Image: A phishing webpage impersonating an online travel booking platform.

 

Image: A phishing website impersonating an online travel booking platform’s payment verification page.

 

mickmick.net urges the public not to assume that a message is genuine simply because it contains their name, hotel name, booking details, or itinerary information. Any notification involving account issues, payment issues, or abnormal booking activity should always be verified through official channels in order to protect personal and financial security.

 

Security Advice for the Public

mickmick.net reminds the public of the following:

  • Carefully verify the sender’s email address and the full website URL; do not rely solely on the displayed name to judge authenticity;
  • If you receive a notification related to booking, payment, or account security, check it directly through the official app or by manually entering the official website address;
  • Never click on links in messages from unknown or unverified sources;
  • Never enter account passwords, credit card details, one-time passwords, or other sensitive information on suspicious websites;
  • If in doubt, verify the matter independently through the official website, app, or publicly available contact details of the hotel;
  • Use strong passwords and enable multi-factor authentication to enhance account protection;
  • Regularly review bank account and credit card transaction records for any unusual activity.

 

If You Have Already Submitted Information, Take the Following Actions Immediately

If members of the public suspect that they have entered personal information, account credentials, or credit card details on a suspicious website, they should take the following steps as soon as possible:

 

  • Immediately stop all contact with the other party and do not provide any further personal, account, or financial information;
  • Change the password of the relevant platform account immediately, as well as the passwords of any other accounts using the same or similar password;
  • Contact the relevant bank or credit card issuer immediately, report the incident, and request appropriate protective measures;
  • Closely monitor bank account and credit card transaction records for any unauthorized transactions;
  • Keep all relevant records, including suspicious emails, message screenshots, URLs, website screenshots, and transaction records, for follow-up or reporting purposes.

Friday, 12 June 2026

GitLab Multiple Vulnerabilities

Release Date: 12 Jun 2026

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, denial of service condition, elevation of privilege, sensitive information disclosure, security restriction bypass and data manipulation on the targeted system.


Impact

  • Cross-Site Scripting
  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • GitLab Community Edition (CE) versions prior to 19.0.2, 18.11.5, 18.10.8
  • GitLab Enterprise Edition (EE) versions prior to 19.0.2, 18.11.5, 18.10.8

Solutions

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor.


Google Chrome Multiple Vulnerabilities

Release Date: 12 Jun 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system.


Impact

  • Information Disclosure
  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Google Chrome prior to 149.0.7827.114 (Linux)
  • Google Chrome prior to 149.0.7827.114/.115 (Mac)
  • Google Chrome prior to 149.0.7827.114/.115 (Windows)

Solutions

Before installation of the software, please visit the software vendor website for more details.

Apply fixes issued by the vendor:

  • Update to version 149.0.7827.114 (Linux) or later
  • Update to version 149.0.7827.114/.115 (Mac) or later
  • Update to version 149.0.7827.114/.115 (Windows) or later

Splunk Products Multiple Vulnerabilities

Release Date: 12 Jun 2026

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Splunk products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, security restriction bypass and cross-site scripting on the targeted system.


Thursday, 11 June 2026

OpenSSL Multiple Vulnerabilities

Release Date: 11 Jun 2026

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in OpenSSL. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, remote code execution, denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • OpenSSL version 1.0.2
  • OpenSSL version 1.1.1
  • OpenSSL version 3.0
  • OpenSSL version 3.4
  • OpenSSL version 3.5
  • OpenSSL version 3.6
  • OpenSSL version 4.0

Solutions

Before installation of the software, please visit the software manufacturer website for more details.

  • For version 1.0.2, upgrade to version 1.0.2zq
  • For version 1.1.1, upgrade to version 1.1.1zh
  • For version 3.0, upgrade to version 3.0.21
  • For version 3.4, upgrade to version 3.4.6
  • For version 3.5, upgrade to version 3.5.7
  • For version 3.6, upgrade to version 3.6.3
  • For version 4.0, upgrade to version 4.0.1
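
Checking an inventory against the list above takes more than a string comparison, because 1.x releases use letter suffixes (a to z, then za, zb, ...) while 3.x and later use numbered patches. The following is an added example, not part of the original bulletin; the fixed versions are copied from the list above, and the host names and inventory are constructed.

```python
import re

# Fixed release for each affected branch, copied from the list above.
FIXED = {
    "1.0.2": "1.0.2zq", "1.1.1": "1.1.1zh", "3.0": "3.0.21", "3.4": "3.4.6",
    "3.5": "3.5.7", "3.6": "3.6.3", "4.0": "4.0.1",
}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse(version: str) -> tuple[str, tuple]:
    """Return (branch, sortable key) from text such as `openssl version` output."""
    m = _VERSION.search(version)
    if not m:
        raise ValueError(f"not an OpenSSL version: {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    letters = m.group(4)
    if major >= 3:
        # 3.x and later: branch is major.minor, releases are numbered patches,
        # so 3.0.9 must sort before 3.0.21 (a plain string compare gets this wrong).
        return f"{major}.{minor}", (patch, 0, "")
    # 1.x: branch is major.minor.patch and releases are letter suffixes that
    # run a..z and then za, zb, ..., so a shorter suffix always sorts first.
    return f"{major}.{minor}.{patch}", (0, len(letters), letters)


def status(version: str) -> str:
    """Classify one version string against the bulletin's fixed releases."""
    branch, key = parse(version)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "branch not listed in bulletin"
    return "fixed" if key >= parse(fixed)[1] else f"upgrade to {fixed}"


def audit(inventory: dict[str, str]) -> dict[str, str]:
    """Map each host to its status."""
    return {host: status(ver) for host, ver in inventory.items()}


# Constructed inventory: host name -> output of `openssl version` on that host.
INVENTORY = {
    "web-01": "OpenSSL 1.1.1w  11 Sep 2023",
    "web-02": "OpenSSL 3.0.9 30 May 2023",
    "app-01": "OpenSSL 3.5.7",
    "legacy-01": "OpenSSL 1.0.2zb",
    "build-01": "OpenSSL 3.3.2",
}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:10} {result}")
```

The result reflects the upstream version string only; a distribution package may carry backported fixes under an older version number, so confirm against the distribution's own advisory.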

Wednesday, 10 June 2026

Adobe Monthly Security Update (June 2026)

Release Date: 10 Jun 2026

RISK: Medium Risk

TYPE: Clients - Productivity Products

Adobe has released a monthly security update for its products:

| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
|---|---|---|---|---|
| Adobe Experience Manager | Medium Risk | Cross-site Scripting; Remote Code Execution; Security Restriction Bypass | | APSB26-56 |
| Adobe Experience Manager Forms | Medium Risk | Cross-site Scripting; Remote Code Execution | | APSB26-57 |
| Adobe InDesign | Medium Risk | Remote Code Execution; Denial of Service; Information Disclosure | | APSB26-58 |
| Adobe InCopy | Medium Risk | Remote Code Execution | | APSB26-59 |
| Substance 3D Sampler | Medium Risk | Remote Code Execution | | APSB26-60 |
| Content Credentials SDK | Medium Risk | Denial of Service; Data Manipulation | | APSB26-61 |
| Adobe Dreamweaver | Medium Risk | Remote Code Execution; Information Disclosure | | APSB26-62 |
| Adobe Acrobat Reader | Medium Risk | Remote Code Execution; Denial of Service | | APSB26-63 |
| Adobe ColdFusion | Medium Risk | Remote Code Execution; Security Restriction Bypass; Elevation of Privilege; Information Disclosure; Cross-site Scripting | | APSB26-64 |
| Adobe Format Plugins | Medium Risk | Remote Code Execution | | APSB26-65 |
| Adobe Campaign Classic | Medium Risk | Remote Code Execution | | APSB26-66 |

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 11

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Denial of Service
  • Cross-Site Scripting
  • Data Manipulation
  • Elevation of Privilege
  • Information Disclosure

System / Technologies affected

  • Adobe Experience Manager (AEM) AEM Cloud Service (CS)
  • Adobe Experience Manager (AEM) 6.5 LTS SP1 and earlier versions
  • Adobe Experience Manager (AEM) SP24 and earlier versions
  • Adobe Experience Manager 6.5 LTS SP1 and earlier versions
  • Adobe Experience Manager 6.5 6.5.24.0 and earlier versions
  • Adobe InDesign ID21.3 and earlier versions
  • Adobe InDesign ID20.5.3 and earlier versions
  • Adobe InCopy  21.3 and earlier versions
  • Adobe InCopy  20.5.3 and earlier versions
  • Adobe Substance 3D Sampler 6.0.0 and earlier versions
  • Content Credentials JS SDK @contentauth/c2pa-web@0.7.1 and earlier versions
  • Content Credentials Rust SDK c2pa-v0.80.1 and earlier versions
  • Adobe Dreamweaver  21.7 and earlier versions
  • Adobe Acrobat 26.001.21651 and earlier versions
  • Acrobat Reader 26.001.21651 and earlier versions
  • Acrobat 2024 24.001.30365 and earlier versions
  • ColdFusion 2025 Update 8 and earlier versions
  • ColdFusion 2023 Update 19 and earlier versions
  • Adobe Format Plugins 1.1.2 and earlier versions
  • Adobe Campaign Classic ACC v7: 7.4.3 build 9394 and earlier versions

Solutions

Before installation of the software, please visit the vendor website for more details.

  • Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update.

Microsoft Monthly Security Update (June 2026)

Release Date: 10 Jun 2026

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

Microsoft has released a monthly security update for its products:

| Vulnerable Product | Risk Level | Impacts | Notes |
|---|---|---|---|
| Apps | Medium Risk | Elevation of Privilege; Spoofing; Security Restriction Bypass; Remote Code Execution; Information Disclosure | |
| Azure | Medium Risk | Information Disclosure; Remote Code Execution; Spoofing; Elevation of Privilege | |
| Browser | Medium Risk | Information Disclosure | |
| Developer Tools | Medium Risk | Elevation of Privilege; Data Manipulation; Security Restriction Bypass; Denial of Service; Information Disclosure | |
| Extended Security Updates (ESU) | Medium Risk | Elevation of Privilege; Spoofing; Information Disclosure; Remote Code Execution; Denial of Service; Security Restriction Bypass; Data Manipulation | |
| Microsoft Dynamics | Medium Risk | Elevation of Privilege | |
| Microsoft Office | Medium Risk | Spoofing; Remote Code Execution; Information Disclosure; Security Restriction Bypass; Elevation of Privilege | |
| Server Software | Medium Risk | Spoofing; Information Disclosure; Elevation of Privilege; Remote Code Execution | Proof of Concept exploit code is publicly available for CVE-2026-45585. This vulnerability allows a local attacker to bypass Microsoft BitLocker encryption to access data. This vulnerability is also known as "YellowKey". |
| Windows | Medium Risk | Elevation of Privilege; Information Disclosure; Denial of Service; Remote Code Execution; Spoofing; Security Restriction Bypass; Data Manipulation | Proof of Concept exploit code is publicly available for CVE-2026-45585. This vulnerability allows a local attacker to bypass Microsoft BitLocker encryption to access data. This vulnerability is also known as "YellowKey". |

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 9

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk


Impact

  • Spoofing
  • Remote Code Execution
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation
  • Denial of Service

System / Technologies affected

  • Apps
  • Azure
  • Browser
  • Developer Tools
  • Extended Security Updates (ESU)
  • Microsoft Dynamics
  • Microsoft Office
  • Server Software
  • Windows

Solutions

Before installation of the software, please visit the vendor website for more details.

  • Apply fixes issued by the vendor.

Apache HTTP Server Multiple Vulnerabilities

Release Date: 10 Jun 2026

RISK: Medium Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities were identified in Apache HTTP Server. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, denial of service condition, data manipulation, cross-site scripting and sensitive information disclosure on the targeted system.


Impact

  • Denial of Service
  • Cross-Site Scripting
  • Information Disclosure
  • Elevation of Privilege
  • Data Manipulation

System / Technologies affected

  • Apache HTTP Server versions prior to 2.4.68

Solutions

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

  • Apache HTTP Server version 2.4.68

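Microsoft Edge Multiple Vulnerabilities

Release Date: 10 Jun 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, elevation of privilege, security restriction bypass and sensitive information disclosure on the targeted system.

Impact

  • Information Disclosure
  • Denial of Service
  • Remote Code Execution
  • Elevation of Privilege
  • Security Restriction Bypass

System / Technologies affected

  • Microsoft Edge prior to 149.0.4022.53

Solutions

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

  • Update to version 149.0.4022.53 or later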
