【資安漏洞預警】CISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/05-2026/01/11)

【資安漏洞預警】CISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/05-2026/01/11)
[Security Vulnerability Alert] CISA adds two known vulnerabilities exploited by hackers to the KEV directory (2026/01/05-2026/01/11)

發布單位：圖資處數位服務組

日期範圍：2026/1/14 ～ 2026/7/14

發布單位：圖資處數位服務組

日期範圍：2026/1/14 ～ 2026/7/14

行政行政公告

全體

轉發台灣電腦網路危機處理暨協調中心資安訊息警訊 TWCERTCC-200-202601-00000006

[內容說明]
【CVE-2009-0556】Microsoft Office PowerPoint Code Injection Vulnerability (CVSS v3.1: 8.8)
【是否遭勒索軟體利用:未知】 Microsoft Office PowerPoint存在程式碼注入漏洞，遠端攻擊者可透過包含無效索引值的OutlineTextRefAtom的PowerPoint檔案觸發記憶體損毀，進而執行任意程式碼。

【CVE-2025-37164】Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability (CVSS v3.1: 10.0)
【是否遭勒索軟體利用:未知】 Hewlett Packard Enterprise(HPE) OneView 存在程式碼注入漏洞，允許未經驗證的遠端使用者進行遠端程式碼執行。

[影響平台]
【CVE-2009-0556】請參考官方所列的影響版本 https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

【CVE-2025-37164】請參考官方所列的影響版本 https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free

[建議措施]
【CVE-2009-0556】官方已針對漏洞釋出修復更新，請更新至相關版本 https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

【CVE-2025-37164】官方已針對漏洞釋出修復更新，請更新至相關版本 https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000006

[Content Description]
【CVE-2009-0556】Microsoft Office PowerPoint Code Injection Vulnerability (CVSS v3.1: 8.8)
【Exploitation by Ransomware: Unknown】 Microsoft Office PowerPoint contains a code injection vulnerability. A remote attacker could trigger memory corruption in a PowerPoint file containing an invalid index value (OutlineTextRefAtom), thereby executing arbitrary code.

【CVE-2025-37164】Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability (CVSS v3.1: 10.0)
【Exploited by Ransomware: Unknown】 A code injection vulnerability exists in Hewlett Packard Enterprise (HPE) OneView, allowing unauthenticated remote users to execute remote code.

[Affected Platforms]
【CVE-2009-0556】Please refer to the official list of affected versions: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

【CVE-2025-37164】Please refer to the official list of affected versions: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free

[Recommended Actions]
【CVE-2009-0556】An official patch update has been released for this vulnerability. Please update to the relevant version: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

【CVE-2025-37164】 An official patch has been released to fix the vulnerability. Please update to the relevant version: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free

【資安漏洞預警】CISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/05-2026/01/11)
[Security Vulnerability Alert] CISA adds two known vulnerabilities exploited by hackers to the KEV directory (2026/01/05-2026/01/11)

發布單位：圖資處數位服務組

日期範圍：2026/1/14 ～ 2026/7/14

行政行政公告

全體

相關附件

無

【返回上頁】

【資安漏洞預警】CISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/05-2026/01/11) [Security Vulnerability Alert] CISA adds two known vulnerabilities exploited by hackers to the KEV directory (2026/01/05-2026/01/11)

發布單位：圖資處數位服務組

日期範圍：2026/1/14 ～ 2026/7/14

行政 行政公告

全體

相關附件

無

【返回上頁】

【資安漏洞預警】CISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/05-2026/01/11)
[Security Vulnerability Alert] CISA adds two known vulnerabilities exploited by hackers to the KEV directory (2026/01/05-2026/01/11)

行政行政公告