{"id":1106678,"date":"2024-01-18T09:38:31","date_gmt":"2024-01-18T11:38:31","guid":{"rendered":"https:\/\/teknomers.com\/fr\/les-failles-pixiefail-uefi-exposent-des-millions-dordinateurs-au-rce-au-dos-et-au-vol-de-donnees\/"},"modified":"2024-01-18T09:38:35","modified_gmt":"2024-01-18T11:38:35","slug":"les-failles-pixiefail-uefi-exposent-des-millions-dordinateurs-au-rce-au-dos-et-au-vol-de-donnees","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/les-failles-pixiefail-uefi-exposent-des-millions-dordinateurs-au-rce-au-dos-et-au-vol-de-donnees\/","title":{"rendered":"PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">January 18, 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Newsroom<\/span><\/span><span class=\"p-tags\">Firmware Security \/ Vulnerability<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Multiple security vulnerabilities have been disclosed in the TCP\/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (<a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Unified_Extensible_Firmware_Interface\" target=\"_blank\">UEFI<\/a>) specification widely used in modern computers.<\/p>\n<p>Collectively dubbed <strong>PixieFail<\/strong> by Quarkslab, the <a rel=\"nofollow noopener\" 
href=\"https:\/\/blog.quarkslab.com\/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html\" target=\"_blank\">nine issues<\/a> reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to achieve remote code execution, denial of service (DoS), DNS cache poisoning, and leakage of sensitive information.<\/p>\n<p>UEFI firmware from AMI, Intel, Insyde, and Phoenix Technologies, which is responsible for <a rel=\"nofollow noopener\" href=\"https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/bringup\/boot-and-uefi\" target=\"_blank\">booting the operating system<\/a>, is impacted by the shortcomings.<\/p>\n<p>EDK II incorporates its own TCP\/IP stack called <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/tianocore\/tianocore.github.io\/wiki\/NetworkPkg\" target=\"_blank\">NetworkPkg<\/a> to enable the network functionality available during the initial Preboot eXecution Environment (<a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/tianocore\/tianocore.github.io\/wiki\/PXE\" target=\"_blank\">PXE<\/a>, pronounced &#8220;pixie&#8221;) stage, which allows management tasks to be performed in the absence of a running operating system.<\/p>\n<p>In other words, it is a 
client-server interface to <a rel=\"nofollow noopener\" href=\"https:\/\/techcommunity.microsoft.com\/t5\/itops-talk-blog\/how-does-the-pxe-boot-process-work\/ba-p\/888557\" target=\"_blank\">boot a device<\/a> from its network interface card (NIC), and it allows networked computers that are not yet loaded with an operating system to be configured and booted remotely by an administrator.<\/p>\n<p>The PXE code is included in the UEFI firmware on the motherboard or in the read-only memory (ROM) of the NIC firmware.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1705577911_984_Les-failles-PixieFail-UEFI-exposent-des-millions-dordinateurs-au-RCE.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1705577911_984_Les-failles-PixieFail-UEFI-exposent-des-millions-dordinateurs-au-RCE.jpg\" alt=\"PixieFail UEFI Flaws\" border=\"0\" data-original-height=\"572\" data-original-width=\"728\" title=\"PixieFail UEFI Flaws\"\/><\/a><\/div>\n<p>The <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/quarkslab\/pixiefail\" target=\"_blank\">issues identified by Quarkslab<\/a> within EDK II&#8217;s NetworkPkg encompass overflow bugs, out-of-bounds reads, infinite loops, and the use of a weak pseudorandom number generator (PRNG) that result in DNS and DHCP poisoning attacks, information leakage, denial of service, and data insertion attacks at the IPv4 and IPv6 layer.<\/p>\n<p>The list of flaws is as follows &#8211;<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" 
href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45229\" target=\"_blank\"><strong>CVE-2023-45229<\/strong><\/a> (CVSS score: 6.5) &#8211; Integer underflow when processing IA_NA\/IA_TA options in a DHCPv6 Advertise message<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45230\" target=\"_blank\"><strong>CVE-2023-45230<\/strong><\/a> (CVSS score: 8.3) &#8211; Buffer overflow in the DHCPv6 client via a long Server ID option<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45231\" target=\"_blank\"><strong>CVE-2023-45231<\/strong><\/a> (CVSS score: 6.5) &#8211; Out-of-bounds read when handling an ND Redirect message with truncated options<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45232\" target=\"_blank\"><strong>CVE-2023-45232<\/strong><\/a> (CVSS score: 7.5) &#8211; Infinite loop when parsing unknown options in the Destination Options header<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45233\" target=\"_blank\"><strong>CVE-2023-45233<\/strong><\/a> (CVSS score: 7.5) &#8211; Infinite loop when parsing a PadN option in the Destination Options header<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45234\" target=\"_blank\"><strong>CVE-2023-45234<\/strong><\/a> (CVSS score: 8.3) &#8211; Buffer overflow when processing the DNS Servers option in a DHCPv6 Advertise message<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45235\" target=\"_blank\"><strong>CVE-2023-45235<\/strong><\/a> (CVSS score: 8.3) &#8211; Buffer overflow when handling the 
Server ID option from a DHCPv6 proxy Advertise message<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45236\" target=\"_blank\"><strong>CVE-2023-45236<\/strong><\/a> (CVSS score: 5.8) &#8211; Predictable TCP Initial Sequence Numbers<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45237\" target=\"_blank\"><strong>CVE-2023-45237<\/strong><\/a> (CVSS score: 5.3) &#8211; Use of a weak pseudorandom number generator<\/li>\n<\/ul>\n<p>&#8220;The impact and exploitability of these vulnerabilities depend on the specific firmware version and the default PXE boot configuration,&#8221; the CERT Coordination Center (CERT\/CC) <a rel=\"nofollow noopener\" href=\"https:\/\/www.kb.cert.org\/vuls\/id\/132380\" target=\"_blank\">said<\/a> in an advisory.<\/p>\n<p>&#8220;An attacker within the local network (and, in certain scenarios, remotely) could exploit these weaknesses to execute remote code, launch DoS attacks, poison the DNS cache, or extract sensitive information.&#8221;<\/p>\n<\/div>\n<p>
<a href=\"https:\/\/thehackernews.com\/2024\/01\/pixiefail-uefi-flaws-expose-millions-of.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multiple security vulnerabilities have been disclosed in the TCP\/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification widely used in modern computers. 
Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1106679,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4168,4165,4161,200267,133,1343,20525,7710,39576,4806,4159,4171,65,200271,1610,200268,200269,200270,225079,22778,128318,4172,4169,21602,4166,1976,4164],"class_list":["post-1106678","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-des","tag-donnees","tag-dordinateurs","tag-dos","tag-exposent","tag-failles","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-millions","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-pixiefail","tag-rce","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-uefi","tag-violation-de-donnees","tag-vol","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1106678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1106678"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1106678\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1106
679"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1106678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1106678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1106678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}