{"id":47568,"date":"2026-03-20T14:45:58","date_gmt":"2026-03-20T07:45:58","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47568"},"modified":"2026-03-31T14:46:57","modified_gmt":"2026-03-31T07:46:57","slug":"lo-hong-nghiem-trong-trong-sharepoint-cho-phep-tin-tac-thuc-thi-ma-tu-xa","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/lo-hong-nghiem-trong-trong-sharepoint-cho-phep-tin-tac-thuc-thi-ma-tu-xa\/","title":{"rendered":"L\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng trong SharePoint cho ph\u00e9p tin t\u1eb7c th\u1ef1c thi m\u00e3 t\u1eeb xa"},"content":{"rendered":"
Kh\u00f4ng c\u1ea7n t\u00e0i kho\u1ea3n, kh\u00f4ng c\u1ea7n t\u01b0\u01a1ng t\u00e1c, ch\u1ec9 b\u1eb1ng c\u00e1ch g\u1eedi m\u1ed9t g\u00f3i d\u1eef li\u1ec7u \u0111\u1ed9c h\u1ea1i t\u1edbi m\u00e1y ch\u1ee7, tin t\u1eb7c \u0111\u00e3 c\u00f3 th\u1ec3 th\u1ef1c thi m\u00e3 t\u00f9y \u00fd t\u1eeb xa. K\u1ecbch b\u1ea3n t\u1ed3i t\u1ec7 n\u00e0y \u0111\u00e3 tr\u1edf th\u00e0nh hi\u1ec7n th\u1ef1c khi C\u01a1 quan An ninh m\u1ea1ng v\u00e0 C\u01a1 s\u1edf h\u1ea1 t\u1ea7ng M\u1ef9 (CISA) x\u00e1c nh\u1eadn m\u1ed9t l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng tr\u00ean Microsoft SharePoint \u0111ang b\u1ecb khai th\u00e1c r\u1ed9ng r\u00e3i trong th\u1ef1c t\u1ebf.<\/b>
\n\u200b<\/div>\n
\n
\"SharePoint.png\"<\/div>\n<\/div>\n
Ng\u00e0y 18\/03\/2026, l\u1ed7 h\u1ed5ng n\u00e0y \u0111\u00e3 b\u1ecb \u0111\u01b0a th\u1eb3ng v\u00e0o danh m\u1ee5c C\u00e1c l\u1ed7 h\u1ed5ng b\u1ecb khai th\u00e1c c\u00f4ng khai (KEV). \u0110\u00e2y l\u00e0 m\u1ed9t \u0111\u1ed9ng th\u00e1i b\u00e1o \u0111\u1ed9ng \u0111\u1ecf, x\u00e1c nh\u1eadn r\u1eb1ng c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng kh\u00f4ng c\u00f2n n\u1eb1m tr\u00ean l\u00fd thuy\u1ebft m\u00e0 \u0111\u00e3 th\u1ef1c s\u1ef1 x\u1ea3y ra trong m\u00f4i tr\u01b0\u1eddng m\u1ea1ng th\u1ef1c t\u1ebf, bu\u1ed9c c\u00e1c qu\u1ea3n tr\u1ecb vi\u00ean ph\u1ea3i h\u00e0nh \u0111\u1ed9ng ngay l\u1eadp t\u1ee9c.<\/p>\n

L\u1ed7 h\u1ed5ng c\u00f3 m\u00e3 \u0111\u1ecbnh danh l\u00e0 CVE-2026-20963. D\u00f9 c\u00e1c c\u01a1 quan x\u1ebfp h\u1ea1ng b\u1ea3o m\u1eadt ch\u00ednh th\u1ee9c ch\u01b0a c\u00f4ng b\u1ed1 \u0111i\u1ec3m s\u1ed1 cu\u1ed1i c\u00f9ng, nh\u01b0ng d\u1ef1a tr\u00ean m\u1ee9c \u0111\u1ed9 nghi\u00eam tr\u1ecdng, nhi\u1ec1u ngu\u1ed3n tin chuy\u00ean gia \u0111\u00e3 t\u1ea1m th\u1eddi \u0111\u00e1nh gi\u00e1 l\u1ed7 h\u1ed5ng n\u00e0y \u1edf m\u1ee9c Critical v\u1edbi \u0111i\u1ec3m CVSS l\u00e0 9.8, ng\u01b0\u1ee1ng nguy hi\u1ec3m g\u1ea7n nh\u01b0 tuy\u1ec7t \u0111\u1ed1i. Sai s\u00f3t n\u00e0y ph\u00e1t sinh t\u1eeb c\u01a1 ch\u1ebf deserialization c\u1ee7a SharePoint, m\u1ed9t qu\u00e1 tr\u00ecnh chuy\u1ec3n \u0111\u1ed5i d\u1eef li\u1ec7u t\u1eeb d\u1ea1ng l\u01b0u tr\u1eef ng\u01b0\u1ee3c tr\u1edf l\u1ea1i th\u00e0nh c\u00e1c \u0111\u1ed1i t\u01b0\u1ee3ng ho\u1ea1t \u0111\u1ed9ng trong b\u1ed9 nh\u1edb.<\/p>\n

V\u1ea5n \u0111\u1ec1 n\u1eb1m \u1edf ch\u1ed7, khi h\u1ec7 th\u1ed1ng thi\u1ebfu c\u00e1c b\u1ed9 l\u1ecdc ki\u1ec3m tra an to\u00e0n, ch\u00ednh c\u01a1 ch\u1ebf n\u00e0y l\u1ea1i m\u1edf ra “c\u1eeda h\u1eadu” cho m\u00e3 \u0111\u1ed9c. Tin t\u1eb7c c\u00f3 th\u1ec3 g\u1eedi \u0111i c\u00e1c g\u00f3i d\u1eef li\u1ec7u \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf c\u00f3 ch\u1ee7 \u0111\u00edch \u0111\u1ec3 \u0111\u00e1nh l\u1eeba m\u00e1y ch\u1ee7, khi\u1ebfn h\u1ec7 th\u1ed1ng t\u1ef1 \u0111\u1ed9ng th\u1ef1c thi c\u00e1c l\u1ec7nh \u0111\u1ed9c h\u1ea1i ngay trong qu\u00e1 tr\u00ecnh x\u1eed l\u00fd d\u1eef li\u1ec7u. Vi\u1ec7c CISA \u0111\u01b0a CVE-2026-20963 v\u00e0o danh m\u1ee5c KEV ch\u00ednh l\u00e0 minh ch\u1ee9ng r\u00f5 nh\u1ea5t cho th\u1ea5y \u0111\u1ed9 nguy hi\u1ec3m c\u1ee7a n\u00f3 \u0111\u00e3 v\u01b0\u1ee3t xa c\u00e1c con s\u1ed1 l\u00fd thuy\u1ebft tr\u00ean gi\u1ea5y t\u1edd.<\/p>\n

\u0110i\u1ec3m nguy hi\u1ec3m nh\u1ea5t n\u1eb1m \u1edf ch\u1ed7 to\u00e0n b\u1ed9 chu\u1ed7i t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 di\u1ec5n ra ho\u00e0n to\u00e0n t\u1eeb xa v\u00e0 kh\u00f4ng y\u00eau c\u1ea7u b\u1ea5t k\u1ef3 quy\u1ec1n x\u00e1c th\u1ef1c n\u00e0o. K\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 \u0111i th\u1eb3ng t\u1eeb b\u00ean ngo\u00e0i v\u00e0o h\u1ec7 th\u1ed1ng, gi\u00e0nh quy\u1ec1n th\u1ef1c thi m\u00e3 tr\u00ean m\u00e1y ch\u1ee7 m\u00e0 kh\u00f4ng c\u1ea7n th\u00f4ng tin \u0111\u0103ng nh\u1eadp hay b\u1ea5t k\u1ef3 s\u1ef1 t\u01b0\u01a1ng t\u00e1c n\u00e0o t\u1eeb ph\u00eda ng\u01b0\u1eddi d\u00f9ng. V\u1edbi m\u1ed9t n\u1ec1n t\u1ea3ng nh\u01b0 Microsoft SharePoint, n\u01a1i t\u1eadp trung to\u00e0n b\u1ed9 t\u00e0i li\u1ec7u n\u1ed9i b\u1ed9 v\u00e0 c\u00e1c d\u1eef li\u1ec7u quan tr\u1ecdng c\u1ee7a doanh nghi\u1ec7p, l\u1ed7 h\u1ed5ng n\u00e0y g\u1ea7n nh\u01b0 \u0111\u1eb7t to\u00e0n b\u1ed9 h\u1ea1 t\u1ea7ng th\u00f4ng tin v\u00e0o tr\u1ea1ng th\u00e1i r\u1ee7i ro cao nh\u1ea5t.<\/p>\n

D\u00f9 danh t\u00ednh c\u1ee7a c\u00e1c nh\u00f3m tin t\u1eb7c \u0111\u1ee9ng sau v\u1eabn ch\u01b0a \u0111\u01b0\u1ee3c ti\u1ebft l\u1ed9, c\u00e1c chuy\u00ean gia b\u1ea3o m\u1eadt nh\u1eadn \u0111\u1ecbnh r\u1eb1ng nh\u1eefng l\u1ed7 h\u1ed5ng nh\u01b0 CVE-2026-20963 lu\u00f4n l\u00e0 m\u1ee5c ti\u00eau s\u0103n \u0111\u00f3n h\u00e0ng \u0111\u1ea7u c\u1ee7a c\u00e1c b\u0103ng \u0111\u1ea3ng ransomware. M\u1ed9t khi \u0111\u00e3 x\u00e2m nh\u1eadp th\u00e0nh c\u00f4ng v\u00e0o m\u1ea1ng n\u1ed9i b\u1ed9, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 di chuy\u1ec3n ngang \u0111\u1ec3 leo thang \u0111\u1eb7c quy\u1ec1n v\u00e0 ti\u1ebfn h\u00e0nh m\u00e3 h\u00f3a d\u1eef li\u1ec7u nh\u1eb1m t\u1ed1ng ti\u1ec1n doanh nghi\u1ec7p.<\/p>\n

T\u00ednh ch\u1ea5t c\u1ea5p b\u00e1ch c\u1ee7a l\u1ed7 h\u1ed5ng n\u00e0y c\u00f2n \u0111\u01b0\u1ee3c th\u1ec3 hi\u1ec7n qua th\u1eddi h\u1ea1n kh\u1eafc ph\u1ee5c k\u1ef7 l\u1ee5c m\u00e0 CISA \u0111\u1eb7t ra. Theo \u0111\u00f3, c\u00e1c t\u1ed5 ch\u1ee9c thu\u1ed9c ch\u00ednh ph\u1ee7 li\u00ean bang M\u1ef9 ch\u1ec9 c\u00f3 v\u1ecfn v\u1eb9n 3 ng\u00e0y \u0111\u1ec3 ho\u00e0n t\u1ea5t vi\u1ec7c v\u00e1 l\u1ed7i ho\u1eb7c tri\u1ec3n khai c\u00e1c bi\u1ec7n ph\u00e1p ng\u0103n ch\u1eb7n r\u1ee7i ro. \u0110\u1ed1i v\u1edbi c\u00e1c doanh nghi\u1ec7p t\u1ea1i Vi\u1ec7t Nam, \u0111\u00e2y c\u0169ng \u0111\u01b0\u1ee3c xem l\u00e0 “gi\u1edd G” \u0111\u1ec3 r\u00e0 so\u00e1t l\u1ea1i to\u00e0n b\u1ed9 h\u1ec7 th\u1ed1ng SharePoint \u0111ang v\u1eadn h\u00e0nh.<\/p>\n

Tr\u01b0\u1edbc nh\u1eefng di\u1ec5n bi\u1ebfn ph\u1ee9c t\u1ea1p, c\u00e1c qu\u1ea3n tr\u1ecb vi\u00ean m\u1ea1ng \u0111\u01b0\u1ee3c khuy\u1ebfn c\u00e1o c\u1ea7n ngay l\u1eadp t\u1ee9c \u00e1p d\u1ee5ng c\u00e1c b\u1ea3n c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt ch\u00ednh th\u1ee9c t\u1eeb Microsoft. Trong tr\u01b0\u1eddng h\u1ee3p ch\u01b0a th\u1ec3 th\u1ef1c hi\u1ec7n vi\u1ec7c v\u00e1 l\u1ed7i ngay l\u1eadp t\u1ee9c v\u00ec r\u00e0o c\u1ea3n k\u1ef9 thu\u1eadt, \u0111\u01a1n v\u1ecb v\u1eadn h\u00e0nh c\u1ea7n c\u00f4 l\u1eadp h\u1ec7 th\u1ed1ng ho\u1eb7c \u00e1p d\u1ee5ng c\u00e1c bi\u1ec7n ph\u00e1p gi\u1ea3m thi\u1ec3u theo h\u01b0\u1edbng d\u1eabn c\u1ee7a nh\u00e0 s\u1ea3n xu\u1ea5t. Th\u1eadm ch\u00ed, vi\u1ec7c t\u1ea1m d\u1eebng s\u1eed d\u1ee5ng d\u1ecbch v\u1ee5 l\u00e0 \u0111i\u1ec1u c\u1ea7n \u0111\u01b0\u1ee3c c\u00e2n nh\u1eafc n\u1ebfu kh\u00f4ng th\u1ec3 \u0111\u1ea3m b\u1ea3o an to\u00e0n cho lu\u1ed3ng d\u1eef li\u1ec7u c\u1ed1t l\u00f5i c\u1ee7a t\u1ed5 ch\u1ee9c.
\n\u200b<\/p><\/div>\n

Theo Cyber Security News<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"

Kh\u00f4ng c\u1ea7n t\u00e0i kho\u1ea3n, kh\u00f4ng c\u1ea7n t\u01b0\u01a1ng t\u00e1c, ch\u1ec9 b\u1eb1ng c\u00e1ch g\u1eedi m\u1ed9t g\u00f3i d\u1eef li\u1ec7u \u0111\u1ed9c h\u1ea1i t\u1edbi m\u00e1y ch\u1ee7, tin t\u1eb7c \u0111\u00e3 c\u00f3 th\u1ec3 th\u1ef1c thi m\u00e3 t\u00f9y \u00fd t\u1eeb xa. K\u1ecbch b\u1ea3n t\u1ed3i t\u1ec7 n\u00e0y \u0111\u00e3 tr\u1edf th\u00e0nh hi\u1ec7n th\u1ef1c khi C\u01a1 quan An ninh m\u1ea1ng v\u00e0 C\u01a1 s\u1edf h\u1ea1 t\u1ea7ng M\u1ef9 […]<\/p>\n","protected":false},"author":20,"featured_media":47569,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47568","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47568","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47568"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47568\/revisions"}],"predecessor-version":[{"id":47570,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47568\/revisions\/47570"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47569"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}