轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202604-00000010

[內容說明]
近日Palo Alto Networks發布重大資安公告(CVE-2026-0234，CVSS：8.8)，Cortex XSOAR 和 Cortex XSIAM 平台整合 Microsoft Teams 時，存在加密簽章不當漏洞，允許未經身分驗證的攻擊者存取或竄改受保護的資源。

[影響平台]
Cortex XSIAM Microsoft Teams Marketplace 1.5.52 (不含)之前版本
Cortex XSOAR Microsoft Teams Marketplace 1.5.52 (不含)之前版本

[建議措施]
請更新至以下版本
Cortex XSIAM Microsoft Teams Marketplace 1.5.52(含)之後版本
Cortex XSOAR Microsoft Teams Marketplace 1.5.52(含)之後版本

[參考資料]
1. https://www.twcert.org.tw/tw/cp-169-10830-9aaae-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202604-00000010

[Content Description]
Palo Alto Networks recently released a critical cybersecurity bulletin (CVE-2026-0234, CVSS: 8.8) stating that a vulnerability exists in the integration of Microsoft Teams with the Cortex XSOAR and Cortex XSIAM platforms due to improper encryption signatures. This vulnerability allows unauthorized attackers to access or tamper with protected resources.

[Affected Platforms]
Cortex XSIAM versions prior to Microsoft Teams Marketplace 1.5.52
Cortex XSOAR versions prior to Microsoft Teams Marketplace 1.5.52

[Recommended Actions]
Please update to the following versions:
Cortex XSIAM versions from Microsoft Teams Marketplace 1.5.52 onwards
Cortex XSOAR versions from Microsoft Teams Marketplace 1.5.52 onwards

[References]
1. https://www.twcert.org.tw/tw/cp-169-10830-9aaae-1.html