CISA orders federal agencies to patch exploited SolarWinds, Apple, Microsoft bugs within weeks
2026-02-13 15:01:03 | Author: therecord.media

Vulnerabilities impacting critical products from SolarWinds, Apple, Microsoft and Notepad++ will have to be resolved by federal agencies in less than one month after being spotlighted by the nation’s cyber defense agency on Thursday. 

The Cybersecurity and Infrastructure Security Agency (CISA) added ten new vulnerabilities to its catalog of exploited bugs this week, forcing all federal civilian agencies to resolve the issues by the first week of March — one vulnerability, SolarWinds’ CVE-2025-40536, will have to be patched by federal civilian agencies by Sunday. Patches for the bug were released by SolarWinds on January 28. 
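The KEV catalog described above is what drives these deadlines: each entry carries a `dueDate` by which federal civilian agencies must remediate. The following added example (not code from The Record or from CISA) shows how a defender can triage a KEV-style feed against a local asset inventory to surface the entries that are due soonest and the ones that touch products the organization actually runs. The JSON layout mirrors the field names of the public KEV feed (`vulnerabilities`, `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `requiredAction`), but the entries, due dates and the inventory are constructed for illustration; only the CVE identifiers come from the article.

```python
"""Triage a CISA KEV-style catalog feed against a local asset inventory.

Added example, not from the article or from CISA. The JSON layout follows
the field names of the public KEV feed, but the sample entries, their due
dates and the asset inventory below are constructed for illustration.
"""
from __future__ import annotations

import json
from datetime import date, timedelta

# Constructed KEV-style feed. CVE IDs are those named in the article; the
# dueDate values are assumptions for this example, not CISA's actual dates.
SAMPLE_KEV_JSON = """
{
  "title": "constructed KEV-style sample",
  "vulnerabilities": [
    {"cveID": "CVE-2025-40536", "vendorProject": "SolarWinds", "product": "Web Help Desk",
     "dateAdded": "2026-02-12", "dueDate": "2026-02-15",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2026-20700", "vendorProject": "Apple", "product": "Multiple Products",
     "dateAdded": "2026-02-12", "dueDate": "2026-03-05",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2025-15556", "vendorProject": "Notepad++", "product": "Notepad++",
     "dateAdded": "2026-02-12", "dueDate": "2026-03-05",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2026-21510", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2026-02-12", "dueDate": "2026-03-05",
     "requiredAction": "Apply mitigations per vendor instructions."}
  ]
}
"""

# Constructed asset inventory: (vendor, product) pairs this organization runs.
INVENTORY = {("SolarWinds", "Web Help Desk"), ("Microsoft", "Windows")}


def parse_kev(raw: str) -> list[dict]:
    """Return the catalog entries, rejecting any that lack the fields we rely on."""
    doc = json.loads(raw)
    required = {"cveID", "vendorProject", "product", "dueDate"}
    entries = []
    for entry in doc.get("vulnerabilities", []):
        missing = required - entry.keys()
        if missing:
            raise ValueError(f"KEV entry missing fields {sorted(missing)}: {entry}")
        entries.append(entry)
    return entries


def due_within(entries: list[dict], today_iso: str, days: int) -> list[dict]:
    """Entries whose remediation deadline is already past or falls within `days`.

    Returned entries gain a `days_left` field (negative when overdue) and are
    sorted so the most urgent deadline comes first.
    """
    today = date.fromisoformat(today_iso)
    horizon = today + timedelta(days=days)
    out = []
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        if due <= horizon:
            out.append({**entry, "days_left": (due - today).days})
    return sorted(out, key=lambda e: e["days_left"])


def in_inventory(entries: list[dict], inventory: set[tuple[str, str]]) -> list[dict]:
    """Entries whose (vendor, product) pair matches something in the inventory."""
    return [e for e in entries if (e["vendorProject"], e["product"]) in inventory]


def triage(raw: str, inventory: set[tuple[str, str]], today_iso: str, days: int = 30) -> dict:
    """Combine both views: what is due soon, and what affects this organization."""
    entries = parse_kev(raw)
    return {
        "due_soon": due_within(entries, today_iso, days),
        "affects_us": in_inventory(entries, inventory),
    }


if __name__ == "__main__":
    # The article was published on 2026-02-13; use it as the reference day.
    report = triage(SAMPLE_KEV_JSON, INVENTORY, "2026-02-13", days=3)
    for e in report["due_soon"]:
        print(f"{e['cveID']} ({e['vendorProject']} {e['product']}) due in {e['days_left']} day(s)")
    for e in report["affects_us"]:
        print(f"in inventory: {e['cveID']} -> {e['requiredAction']}")
```

The inventory match is deliberately exact on the `vendorProject`/`product` strings the feed uses; in practice those strings are coarse (the Apple entry above is listed as "Multiple Products"), so a real deployment would map catalog entries to its own CPE or software-bill-of-materials data rather than rely on name equality. The date handling is the part worth keeping: computing `days_left` against a fixed reference day makes the output reproducible and lets the same code drive an alert when an entry is overdue.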

The issue affects SolarWinds Web Help Desk, an IT service management platform used by many large organizations to handle ticketing, asset tracking and other tasks. The tool helps companies centralize IT support operations.

Last week, CISA gave federal agencies only four days to patch another vulnerability affecting the SolarWinds Web Help Desk platform that was initially released alongside CVE-2025-40536. 

SolarWinds is widely used across the federal government and was previously targeted by Russian hackers as part of one of the largest nation-state attacks in U.S. history.

Apple, Notepad++ and Microsoft

The other bugs added to CISA’s Known Exploited Vulnerabilities list this week include CVE-2026-20700 — an issue disclosed by Apple on Thursday impacting Apple iOS, macOS, tvOS, watchOS and visionOS. 

Apple said in an advisory that it is “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

Two other related vulnerabilities, CVE-2025-14174 and CVE-2025-43529, were also issued in response to the attack report, Apple explained. Google Threat Analysis Group discovered the bug.

Alongside the Apple vulnerability, CISA warned of CVE-2025-15556 — a vulnerability that was discovered last year when suspected Chinese state-sponsored hackers attacked the popular text editor Notepad++.

Notepad++, a free and open-source editor widely used by tech workers, has millions of users worldwide. Notepad++ issued a fix for the issue in December after a Chinese state-sponsored group known as Lotus Blossom targeted “specific high-value organizations” during an attack in June 2025.

Following Microsoft’s Patch Tuesday release, CISA also added six of the company’s vulnerabilities to the catalog, confirming that they have been exploited in the wild by threat actors. The bugs impact a variety of popular products including Microsoft Office, Windows and other tools. 

Among the six bugs, many experts focused on the three security feature bypass vulnerabilities — CVE-2026-21510, CVE-2026-21513 and CVE-2026-21514. 

“All three have been publicly disclosed and reported as being exploited in the wild. These types of vulnerabilities allow an attacker to circumvent, disable, or effectively ignore standard security mechanisms,” said Natalie Silva, lead cyber security engineer at Immersive. 

“The affected Windows components are MSHTML, Windows Shell, and Microsoft Word. In all cases, Microsoft notes that user interaction is required, meaning an attacker would need to convince a user to open a malicious file.”

CISA published its annual report this week and touted the success of the Known Exploited Vulnerabilities catalog, noting that it added 238 high-risk vulnerabilities to the list in fiscal year 2025. 

Cybersecurity experts have warned that 2026 is likely to break records for the number of vulnerabilities disclosed. FIRST, a prominent forum of incident response and security teams, forecasted that 2026 will be the first year more than 50,000 CVEs will be published. 

“While our central estimate for 2026 hovers around 59,000, we believe it is entirely realistic that this year we reach 70,000 to 100,000 vulnerabilities. The upper bound of our 90% confidence interval sits at nearly 118,000 — a number that would represent a paradigm shift in vulnerability management workloads,” FIRST said.

“We think it is more likely to be closer to 60k, but it is important that we prepare for more extreme scenarios such as 70 or 80k as well.”


Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Source: https://therecord.media/cisa-orders-federal-agencies-to-patch-solarwinds-microsoft-apple-bugs