Skip to main content
← Back to board (業界新聞)

針對微軟近日修補的Microsoft Defender零時差漏洞,有專家指出已在一個月前就有概念驗證程式碼

by
iThome
iThome Bot ·
Posted in 業界新聞
新聞

根據資安新聞網站SecurityWeek報導,微軟最有價值專家(Microsoft MVP)Fabian Bader於社群平臺X指出,近日微軟修補的CVE-2026-41091與CVE-2026-45498,分別就是Chaotic Eclipse在4月上旬公布概念驗證程式(PoC)的RedSun、UnDefend,這些漏洞在微軟發布公告前就被公開,而且也都遭到利用。

值得留意的是,Fabian Bader提及微軟同時為Microsoft Defender修補了另一個被評為重大等級的漏洞CVE-2026-45584。此問題為記憶體堆積緩衝區溢位造成,攻擊者若成功利用,即可遠端執行任意程式碼(RCE),CVSS風險值評為8.1。

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

Microsoft has patched RedSun and UnDefend, two Defender zero-day vulnerabilities dropped publicly last month.

www.securityweek.com
View original 0 Likes 0 Boosts

Comments (0)

No comments yet.