{"id":6288,"date":"2025-12-29T12:25:19","date_gmt":"2025-12-29T05:25:19","guid":{"rendered":"https:\/\/tamanh.asia\/?p=6288"},"modified":"2025-12-29T15:52:44","modified_gmt":"2025-12-29T08:52:44","slug":"cisa-canh-bao-khan-lo-hong-sharepoint-bi-khai-thac-tich-cuc-boi-tin-tac","status":"publish","type":"post","link":"https:\/\/tamanh.asia\/?p=6288","title":{"rendered":"CISA Urgent Warning: SharePoint Vulnerabilities Actively Exploited by Hackers"},
"content":{"rendered":"<p>The Cybersecurity and Infrastructure Security Agency (<strong>CISA<\/strong>) has issued an urgent warning that threat actors are actively exploiting critical vulnerabilities in&nbsp;<strong>SharePoint<\/strong>. Security researchers have attributed these attacks to Chinese hacking groups.<\/p><p><strong>CISA<\/strong>&nbsp;warns that malicious actors are leveraging a vulnerability chain named \u201c<strong>ToolShell<\/strong>\u201d to gain unauthorized access to organizations'&nbsp;<strong>SharePoint on-premises<\/strong>&nbsp;servers.<\/p><h2 class=\"wp-block-heading\">The ToolShell Vulnerability Chain and Its Impact<\/h2><p><strong>CISA<\/strong>&nbsp;has confirmed that attackers are actively exploiting two critical vulnerabilities:&nbsp;<strong>CVE-2025-49706<\/strong>, a network spoofing vulnerability, and&nbsp;<strong>CVE-2025-49704<\/strong>, a remote code execution (<strong>RCE<\/strong>) vulnerability. This dangerous combination allows threat actors to obtain both unauthenticated system access and authenticated access through network spoofing techniques.<\/p><p>This vulnerability chain gives attackers full control over the&nbsp;<strong>SharePoint<\/strong>&nbsp;environment, allowing them to access file systems and internal configurations and to execute arbitrary code across networks. The scope and impact of these attacks are still being assessed, but the consequences are severe for organizations running vulnerable&nbsp;<strong>SharePoint<\/strong>&nbsp;installations.<\/p><p>Security researchers have noted that the&nbsp;<strong>ToolShell<\/strong>&nbsp;attack chain represents a significant threat to enterprise environments, particularly publicly accessible&nbsp;<strong>SharePoint<\/strong>&nbsp;deployments.<\/p><h2 class=\"wp-block-heading\">Microsoft's Response and Additional Vulnerabilities<\/h2><p>Microsoft responded quickly to this threat, releasing security updates and detailed guidance for organizations to protect their systems. In addition, Microsoft has identified two additional&nbsp;<strong>CVEs<\/strong>&nbsp;that pose potential risk:<\/p><ul class=\"wp-block-list\"><li><strong>CVE-2025-53771<\/strong>: Acts as a patch bypass for&nbsp;<strong>CVE-2025-49706<\/strong>.<\/li>\n\n<li><strong>CVE-2025-53770<\/strong>: Acts as a patch bypass for&nbsp;<strong>CVE-2025-49704<\/strong>.<\/li><\/ul><p>Although these bypass vulnerabilities are not currently being actively exploited, their existence underscores the complexity of the threat landscape.<\/p><h2 class=\"wp-block-heading\">Remediation Guidance from CISA<\/h2><p><strong>CISA<\/strong>&nbsp;has issued comprehensive guidance urging organizations to take immediate action. The agency recommends immediately applying Microsoft's security updates and configuring the&nbsp;<strong>Antimalware Scan Interface (AMSI)<\/strong>&nbsp;in&nbsp;<strong>SharePoint<\/strong>&nbsp;environments.<\/p><p>For organizations that cannot enable&nbsp;<strong>AMSI<\/strong>,&nbsp;<strong>CISA<\/strong>&nbsp;advises disconnecting public-facing&nbsp;<strong>SharePoint<\/strong>&nbsp;products from internet access until official mitigations are available.<\/p><p>Additional protective measures include:<\/p><ul class=\"wp-block-list\"><li>Rotating&nbsp;<strong>ASP.NET<\/strong>&nbsp;machine keys both before and after applying the security updates.<\/li>\n\n<li>Monitoring for suspicious&nbsp;<strong>POST<\/strong>&nbsp;requests to specific&nbsp;<strong>SharePoint<\/strong>&nbsp;endpoints.<\/li>\n\n<li>Implementing enhanced logging capabilities.<\/li><\/ul><h2 class=\"wp-block-heading\">Indicators of Compromise (IOCs)<\/h2><p>Organizations should also scan for specific&nbsp;<strong>IP<\/strong>&nbsp;addresses associated with the attacks, in particular the following addresses, which showed activity during&nbsp;<strong>July 18-19, 2025<\/strong>:<\/p><ul class=\"wp-block-list\"><li><strong>107.191.58.76<\/strong><\/li>\n\n<li><strong>104.238.159.149<\/strong><\/li>\n\n<li><strong>96.9.125.147<\/strong><\/li><\/ul><h2 class=\"wp-block-heading\">CISA Known Exploited Vulnerabilities (KEV) Catalog Update<\/h2><p>The vulnerabilities were quickly added to&nbsp;<strong>CISA<\/strong>'s&nbsp;<strong>Known Exploited Vulnerabilities (KEV)<\/strong>&nbsp;catalog:<\/p><ul class=\"wp-block-list\"><li><strong>CVE-2025-53770<\/strong>&nbsp;was added on&nbsp;<strong>July 20, 2025<\/strong>.<\/li>\n\n<li>Followed by&nbsp;<strong>CVE-2025-49706<\/strong>&nbsp;and&nbsp;<strong>CVE-2025-49704<\/strong>&nbsp;on&nbsp;<strong>July 22, 2025<\/strong>.<\/li><\/ul><p>Security firms including&nbsp;<strong>Eye Security<\/strong>&nbsp;and&nbsp;<strong>Palo Alto Networks Unit42<\/strong>&nbsp;have published detailed analyses of the attack techniques.<\/p><p>Organizations are advised to immediately report any incidents or anomalous activity to&nbsp;<strong>CISA<\/strong>'s&nbsp;<strong>24\/7 Operations Center<\/strong>, as the agency continues to monitor this evolving threat landscape.<\/p><p><\/p><p><sup>Source: <a href=\"https:\/\/adsecvn.com\/cisa-canh-bao-khan-lo-hong-sharepoint-bi-khai-thac-tich-cuc-boi-tin-tac\/\">https:\/\/adsecvn.com\/cisa-canh-bao-khan-lo-hong-sharepoint-bi-khai-thac-tich-cuc-boi-tin-tac\/<\/a><\/sup><\/p><p><\/p>","protected":false},
"excerpt":{"rendered":"<p>The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning that threat actors are actively exploiting critical vulnerabilities in&nbsp;SharePoint. Security researchers have attributed these attacks to groups&#8230;.<\/p>\n","protected":false},
"author":1,"featured_media":6290,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[311],"tags":[],"class_list":["post-6288","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tin-tuc"],"acf":[],"_links":{"self":[{"href":"https:\/\/tamanh.asia\/index.php?rest_route=\/wp\/v2\/posts\/6288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tamanh.asia\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tamanh.asia\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tamanh.asia\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tamanh.asia\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6288"}],"version-history":[{"count":2,"href":"https:\/\/tamanh.asia\/index.php?rest_route=\/wp\/v2\/posts\/6288\/revisions"}],"predecessor-version":[{"id":6297,"href":"https:\/\/tamanh.asia\/index.php?rest_route=\/wp\/v2\/posts\/6288\/revisions\/6297"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tamanh.asia\/index.php?rest_route=\/wp\/v2\/media\/6290"}],"wp:attachment":[{"href":"https:\/\/tamanh.asia\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tamanh.asia\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6288"},{"taxonomy":"post_tag"
,"embeddable":true,"href":"https:\/\/tamanh.asia\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}