{"id":568,"date":"2025-08-04T21:19:56","date_gmt":"2025-08-04T14:19:56","guid":{"rendered":"https:\/\/nopphatnguoi.vn\/blog\/microsoft-canh-bao-tan-cong-bao-mat-qua-sharepoint-khuyen-cao-khan-cap-ve-nguy-co-tu-nhom-tin-tac-trung-quoc\/"},"modified":"2025-08-04T21:19:56","modified_gmt":"2025-08-04T14:19:56","slug":"microsoft-canh-bao-tan-cong-bao-mat-qua-sharepoint-khuyen-cao-khan-cap-ve-nguy-co-tu-nhom-tin-tac-trung-quoc","status":"publish","type":"post","link":"https:\/\/nopphatnguoi.vn\/blog\/microsoft-canh-bao-tan-cong-bao-mat-qua-sharepoint-khuyen-cao-khan-cap-ve-nguy-co-tu-nhom-tin-tac-trung-quoc\/","title":{"rendered":"Microsoft c\u1ea3nh b\u00e1o t\u1ea5n c\u00f4ng b\u1ea3o m\u1eadt qua SharePoint, khuy\u1ebfn c\u00e1o kh\u1ea9n c\u1ea5p v\u1ec1 nguy c\u01a1 t\u1eeb nh\u00f3m tin t\u1eb7c Trung Qu\u1ed1c"},"content":{"rendered":"<div>\n<p>Microsoft v&#7915;a ph&aacute;t h&agrave;nh m&#7897;t c&#7843;nh b&aacute;o b&#7843;o m&#7853;t kh&#7849;n c&#7845;p li&ecirc;n quan &#273;&#7871;n m&#7897;t chi&#7871;n d&#7883;ch t&#7845;n c&ocirc;ng m&#7841;ng c&oacute; ch&#7911; &#273;&iacute;ch v&agrave; &#273;ang di&#7877;n ra, nh&#7855;m v&agrave;o c&aacute;c h&#7879; th&#7889;ng SharePoint Server on-premises. Chi&#7871;n d&#7883;ch n&agrave;y b&#7855;t &#273;&#7847;u t&#7915; ng&agrave;y 7 th&aacute;ng 7 n&#259;m 2025 v&agrave; &#273;&#432;&#7907;c cho l&agrave; do ba nh&oacute;m tin t&#7863;c c&oacute; tr&#7909; s&#7903; t&#7841;i Trung Qu&#7889;c th&#7921;c hi&#7879;n, bao g&#7891;m Linen Typhoon, Violet Typhoon v&agrave; Storm-2603.<\/p>\n<p>C&aacute;c cu&#7897;c t&#7845;n c&ocirc;ng n&agrave;y &#273;&atilde; khai th&aacute;c m&#7897;t chu&#7895;i c&aacute;c l&#7895; h&#7893;ng b&#7843;o m&#7853;t nghi&ecirc;m tr&#7885;ng trong SharePoint Server, cho ph&eacute;p k&#7867; t&#7845;n c&ocirc;ng v&#432;&#7907;t qua x&aacute;c th&#7921;c, th&#7921;c thi m&atilde; t&#7915; xa v&agrave; chi&#7871;m quy&#7873;n ki&#7875;m so&aacute;t h&#7879; th&#7889;ng n&#7897;i b&#7897; c&#7911;a t&#7893; ch&#7913;c. &#272;&#7863;c bi&#7879;t, v&agrave;o ng&agrave;y 18 th&aacute;ng 7 n&#259;m 2025, m&#7897;t trong nh&#7919;ng n&#7841;n nh&acirc;n b&#7883; x&acirc;m nh&#7853;p &#273;&#432;&#7907;c x&aacute;c nh&#7853;n l&agrave; C&#417; quan Qu&#7843;n l&yacute; An ninh H&#7841;t nh&acirc;n Qu&#7889;c gia M&#7929; (NNSA), thu&#7897;c B&#7897; N&#259;ng l&#432;&#7907;ng Hoa K&#7923;. M&#7863;c d&ugrave; ch&#7881; m&#7897;t s&#7889; h&#7879; th&#7889;ng b&#7883; &#7843;nh h&#432;&#7903;ng v&agrave; ch&#432;a ph&aacute;t hi&#7879;n ra b&#7845;t k&#7923; r&ograve; r&#7881; d&#7919; li&#7879;u m&#7853;t n&agrave;o, v&#7909; vi&#7879;c n&agrave;y &#273;&atilde; cho th&#7845;y quy m&ocirc; v&agrave; m&#7913;c &#273;&#7897; tinh vi c&#7911;a l&agrave;n s&oacute;ng t&#7845;n c&ocirc;ng.<\/p>\n<p>Microsoft &#273;&atilde; x&aacute;c &#273;&#7883;nh &#273;&#432;&#7907;c b&#7889;n l&#7895; h&#7893;ng b&#7843;o m&#7853;t &#273;&#432;&#7907;c khai th&aacute;c trong &#273;&#7907;t t&#7845;n c&ocirc;ng n&agrave;y, bao g&#7891;m CVE-2025-49706, CVE-2025-49704, CVE-2025-53770 v&agrave; CVE-2025-53771. Nh&#7919;ng l&#7895; h&#7893;ng n&agrave;y &#7843;nh h&#432;&#7903;ng &#273;&#7871;n c&aacute;c phi&ecirc;n b&#7843;n SharePoint Server 2016, 2019 v&agrave; Subscription Edition c&agrave;i &#273;&#7863;t t&#7841;i ch&#7895;. &#272;&#7875; &#273;&#7889;i ph&oacute; v&#7899;i l&agrave;n s&oacute;ng t&#7845;n c&ocirc;ng n&agrave;y, Microsoft &#273;&atilde; nhanh ch&oacute;ng ph&aacute;t h&agrave;nh c&aacute;c b&#7843;n v&aacute; b&#7843;o m&#7853;t t&#432;&#417;ng &#7913;ng.<\/p>\n<p>Ngo&agrave;i ra, Microsoft c&#361;ng khuy&#7871;n ngh&#7883; c&aacute;c t&#7893; ch&#7913;c tri&#7875;n khai ngay c&aacute;c bi&#7879;n ph&aacute;p ph&ograve;ng th&#7911; &#273;&#7875; b&#7843;o v&#7879; h&#7879; th&#7889;ng tr&#432;&#7899;c c&aacute;c cu&#7897;c t&#7845;n c&ocirc;ng. C&aacute;c bi&#7879;n ph&aacute;p n&agrave;y bao g&#7891;m k&iacute;ch ho&#7841;t AMSI &#7903; ch&#7871; &#273;&#7897; Full Mode, trang b&#7883; Microsoft Defender Antivirus, xoay v&ograve;ng kh&oacute;a x&aacute;c th&#7921;c ASP.NET v&agrave; kh&#7903;i &#273;&#7897;ng l&#7841;i d&#7883;ch v&#7909; IIS. Vi&#7879;c &aacute;p d&#7909;ng c&aacute;c bi&#7879;n ph&aacute;p n&agrave;y l&agrave; r&#7845;t quan tr&#7885;ng &#273;&#7875; ng&#259;n ch&#7863;n c&aacute;c cu&#7897;c t&#7845;n c&ocirc;ng m&#7841;ng.<\/p>\n<p>CISA &#273;&atilde; th&ecirc;m CVE-2025-53771 v&agrave;o danh s&aacute;ch c&aacute;c l&#7895; h&#7893;ng c&#7847;n kh&#7855;c ph&#7909;c kh&#7849;n c&#7845;p v&agrave;o ng&agrave;y 22 th&aacute;ng 7 n&#259;m 2025, v&#7899;i h&#7841;n ch&oacute;t th&#7921;c hi&#7879;n ch&#7881; sau &#273;&oacute; m&#7897;t ng&agrave;y. C&aacute;c chuy&ecirc;n gia an ninh m&#7841;ng c&#361;ng c&#7843;nh b&aacute;o r&#7857;ng vi&#7879;c k&#7871;t h&#7907;p gi&#7919;a bypass x&aacute;c th&#7921;c v&agrave; th&#7921;c thi m&atilde; t&#7915; xa l&agrave; c&ocirc;ng th&#7913;c l&yacute; t&#432;&#7903;ng cho c&aacute;c chi&#7871;n d&#7883;ch t&#7845;n c&ocirc;ng m&atilde; h&oacute;a d&#7919; li&#7879;u.<\/p>\n<p>Do &#273;&oacute;, vi&#7879;c c&#7853;p nh&#7853;t b&#7843;n v&aacute; kh&ocirc;ng c&ograve;n l&agrave; l&#7921;a ch&#7885;n, m&agrave; &#273;&oacute; l&agrave; h&agrave;nh &#273;&#7897;ng s&#7889;ng c&ograve;n trong b&#7889;i c&#7843;nh k&#7867; t&#7845;n c&ocirc;ng &#273;&atilde; c&oacute; s&#7861;n &#273;&#432;&#7901;ng &#273;i, ch&#7881; ch&#7901; th&#7901;i c&#417; &#273;&#7875; b&#432;&#7899;c v&agrave;o. C&aacute;c t&#7893; ch&#7913;c c&#7847;n ph&#7843;i th&#7921;c hi&#7879;n ngay c&aacute;c bi&#7879;n ph&aacute;p b&#7843;o m&#7853;t c&#7847;n thi&#7871;t &#273;&#7875; &#273;&#7843;m b&#7843;o an to&agrave;n cho h&#7879; th&#7889;ng c&#7911;a m&igrave;nh.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft c\u1ea3nh b\u00e1o v\u1ec1 cu\u1ed9c t\u1ea5n c\u00f4ng b\u1ea3o m\u1eadt v\u00e0o SharePoint Server on-premises c\u1ee7a c\u00e1c nh\u00f3m tin t\u1eb7c Trung Qu\u1ed1c. C\u00e1c l\u1ed7 h\u1ed5ng cho ph\u00e9p v\u01b0\u1ee3t qua x\u00e1c th\u1ef1c v\u00e0 th\u1ef1c thi m\u00e3 t\u1eeb xa. S\u1ef1 c\u1ed1 n\u00e0y \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn c\u1ed9ng \u0111\u1ed3ng an ninh m\u1ea1ng M\u1ef9 v\u00e0 NNSA. Microsoft \u0111\u00e3 ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 v\u00e0 khuy\u1ebfn ngh\u1ecb bi\u1ec7n ph\u00e1p b\u1ea3o v\u1ec7.<\/p>\n","protected":false},"author":1,"featured_media":569,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[12],"tags":[827,818,825,822,817,826,819,820,824,821,823],"class_list":["post-568","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-xa-hoi","tag-ban-va-bao-mat","tag-canh-bao-bao-mat","tag-cong-dong-an-ninh-mang-my","tag-lo-hong-bao-mat","tag-microsoft","tag-nnsa","tag-sharepoint-server","tag-tan-cong-mang","tag-thuc-thi-ma","tag-tin-tac-trung-quoc","tag-xac-thuc"],"_links":{"self":[{"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/posts\/568","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/comments?post=568"}],"version-history":[{"count":0,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/posts\/568\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/media\/569"}],"wp:attachment":[{"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/media?parent=568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/categories?post=568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/tags?post=568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}