近期電腦作業系統更新的災情頻傳! 部分電腦用戶在對 NVMe SSD 及 HDD 進行大量寫入操作（特別是連續寫入接近 50GB，或硬碟容量使用超過 60% 時），發現硬碟會從系統中消失，即便重新開機後硬碟會再度顯示，但只要繼續傳輸大檔案，就會再次發生故障。此 Bug 不但可能導致檔案損毀，對 SSD 而言更是致命，因為反覆嘗試傳輸會加速耗損 SSD 的寫入壽命。

 

ASUSTOR 再次提醒大家養成定期備份的好習慣！

在 Windows 系統上建立備份計畫: https://www.asustor.com/online/College_topic?topic=253

在 macOS 系統上建立備份計畫: https://www.asustor.com/online/College_topic?topic=108

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as "C:\Program.exe". If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.
Affected products and versions include: ABP (ASUSTOR Backup Plan) 2.0.7.6130 and earlier as well as AES (ASUSTOR EZSync) 1.0.6.6133 and earlier.

• The issue has been fixed on ABP (ASUSTOR Backup Plan) 2.0.7.6131 and AES (ASUSTOR EZSync) 1.0.6.6134.

An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data.
Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.

• The issue has been fixed on ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1.

A stored Cross-Site Scripting (XSS) vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information retained by the browser and used with the affected applications.

Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier, and Text Editor 1.0.0.r112 and earlier.

• The issue has been fixed on ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1.