{"id":47719,"date":"2026-04-16T23:52:14","date_gmt":"2026-04-16T16:52:14","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47719"},"modified":"2026-04-23T23:55:14","modified_gmt":"2026-04-23T16:55:14","slug":"patch-tuesday-thang-4-2026-va-hon-160-lo-hong-xuat-hien-zero-day-bi-khai-thac","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/patch-tuesday-thang-4-2026-va-hon-160-lo-hong-xuat-hien-zero-day-bi-khai-thac\/","title":{"rendered":"Patch Tuesday April 2026: More than 160 vulnerabilities patched, including an exploited zero-day"},"content":{"rendered":"<div><b>Right on schedule, Microsoft's April 2026 Patch Tuesday shipped fixes for a total of 165 vulnerabilities, making it one of the largest update releases since the start of 2026. Most notable is a zero-day vulnerability in Microsoft SharePoint Server that was exploited before a patch was available.<\/b><br \/>\n<\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1776240069423.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1776240069423-png.18863\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1776240069423.png\" src=\"https:\/\/whitehat.vn\/attachments\/1776240069423-png.18863\/\" alt=\"1776240069423.png\" width=\"856\" height=\"508\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<p><\/p><\/div>\n<div>\nThe vulnerability is tracked as CVE-2026-32201, belongs to the \u201cspoofing\u201d class, and stems from insufficient input validation. 
The flaw lets an attacker send requests \u201cdisguised\u201d as legitimate, tricking the system or users into believing they come from a trusted source. If exploitation succeeds, the attacker can access or modify sensitive data in the SharePoint system without initially holding valid permissions.<\/p>\n<p>Although its CVSS score is only 6.5, the fact that the vulnerability has already been exploited raises the risk. If CVE-2026-32201 is combined with other vulnerabilities, it forms a complete attack chain that can bypass multiple layers of security controls. The vulnerability has also been added to CISA's KEV catalog, with a requirement to patch it urgently.<\/p>\n<p>In addition, Microsoft warns that nearly 20 other vulnerabilities are highly likely to be exploited soon. Among them is an elevation-of-privilege flaw in Microsoft Defender that was publicly disclosed before the patch was released. 
Weaknesses of this kind often play a pivotal role in the later stages of an attack, when the intruder tries to escalate privileges to take over the entire system.<\/p>\n<p>One point worth noting is that many of the vulnerabilities sit in core Windows components such as authentication mechanisms, memory management, disk encryption and network protocols. This shows that the attack surface is not limited to external applications but reaches deep into the operating system, enabling complex attack scenarios such as lateral movement or long-term persistence in the system.<\/p>\n<p>With SharePoint increasingly becoming a favored target for attackers, especially in APT and ransomware campaigns, the appearance of an actively exploited zero-day is a red flag. 
Organizations using SharePoint should prioritize applying the patch and review access logs for anomalies, especially spoofing activity or unauthorized access to internal documents.<\/p>\n<p>This patch cycle not only reflects the ever-growing scale of the enterprise software ecosystem but also underscores that vulnerabilities can be weaponized quickly once they surface. Timely updates and continuous monitoring remain the most important line of defense against increasingly sophisticated threats.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Right on schedule, Microsoft's April 2026 Patch Tuesday shipped fixes for a total of 165 vulnerabilities, making it one of the largest update releases since the start of 2026. 
Most notable is a zero-day vulnerability in Microsoft SharePoint Server that was exploited before a [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47720,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[4,24,35],"tags":[],"class_list":["post-47719","post","type-post","status-publish","format-standard","has-post-thumbnail","category-kien-thuc-an-toan-thong-tin","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47719"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47719\/revisions"}],"predecessor-version":[{"id":47721,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47719\/revisions\/47721"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47720"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{
rel}","templated":true}]}}