{"id":8916,"date":"2025-08-29T15:50:35","date_gmt":"2025-08-29T08:50:35","guid":{"rendered":"https:\/\/nopphatnguoi.vn\/blog\/canh-bao-lo-hong-bao-mat-nghiem-trong-tren-microsoft-sharepoint\/"},"modified":"2025-08-29T15:50:36","modified_gmt":"2025-08-29T08:50:36","slug":"canh-bao-lo-hong-bao-mat-nghiem-trong-tren-microsoft-sharepoint","status":"publish","type":"post","link":"https:\/\/nopphatnguoi.vn\/blog\/canh-bao-lo-hong-bao-mat-nghiem-trong-tren-microsoft-sharepoint\/","title":{"rendered":"Warning: Critical Security Vulnerability in Microsoft SharePoint"},"content":{"rendered":"<div>\n<p>On July 21, Microsoft released an important emergency security update to address two critical zero-day vulnerabilities, identified as CVE-2025-53770 and CVE-2025-53771. These vulnerabilities allow attackers to carry out remote code execution (RCE) attacks on SharePoint servers, Microsoft's popular enterprise collaboration platform.<\/p>\n<p>The incident traces back to the Pwn2Own hacking competition in Berlin in May, where teams successfully exploited a vulnerability chain called ToolShell to take control of a SharePoint server. 
Although Microsoft released an initial patch on July's Patch Tuesday, hackers quickly discovered two new vulnerabilities that could bypass the earlier protection, leaving systems still exposed to danger.<\/p>\n<p>Security experts say more than 54 organizations have been directly affected, and the number is expected to rise sharply. Cybersecurity company Censys estimates that more than 10,000 SharePoint servers worldwide are at risk of compromise, especially in the United States, the Netherlands, the United Kingdom and Canada, the countries with the largest numbers of servers.<\/p>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also confirmed that this vulnerability allows attackers to access the file system and internal configuration and to execute malicious code remotely without authentication. 
The Google Threat Intelligence team warned that this vulnerability allows &#8216;persistent, unauthenticated access&#8217;, posing a serious threat to affected organizations.<\/p>\n<p>Palo Alto Networks called this a &#8216;real and present threat&#8217; that is playing out in the real world and is no longer theoretical. To limit the damage, Microsoft advises SharePoint administrators to immediately apply the patches that correspond to the system version in use. You can learn more about the update here.<\/p>\n<p>Microsoft also provides guidance on updating the machine key for web applications using PowerShell or Central Admin, followed by restarting IIS on all SharePoint servers. 
At the same time, organizations should review system logs, look for traces of unauthorized access, and perform malware analysis.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has released an emergency security update fixing two zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771, on SharePoint servers that could allow remote code execution. More than 10,000 organizations may be affected. Administrators are advised to update immediately.<\/p>\n","protected":false},"author":1,"featured_media":8917,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[3],"tags":[70,7277,72,822,817,7278],"class_list":["post-8916","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thoi-su","tag-bao-mat","tag-cap-nhat-khan-cap","tag-cap-nhat-phan-mem","tag-lo-hong-bao-mat","tag-microsoft","tag-sharepoint"],"_links":{"self":[{"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/posts\/8916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/comments?post=8916"}],"version-history":[{"count":0,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/posts\/8916\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/media\/8917"}],"wp:attachment":[{"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/media?parent=8916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/categories?post=8916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nopphatnguoi.vn\/blog\/wp-json\/wp\/v2\/tags?post=8916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}