{"id":390310,"date":"2022-09-30T08:03:31","date_gmt":"2022-09-30T10:03:31","guid":{"rendered":"https:\/\/teknomers.com\/fr\/microsoft-confirme-que-2-nouvelles-failles-exchange-zero-day-sont-utilisees-dans-la-nature\/"},"modified":"2022-09-30T08:03:32","modified_gmt":"2022-09-30T10:03:32","slug":"microsoft-confirme-que-2-nouvelles-failles-exchange-zero-day-sont-utilisees-dans-la-nature","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/microsoft-confirme-que-2-nouvelles-failles-exchange-zero-day-sont-utilisees-dans-la-nature\/","title":{"rendered":"Microsoft confirme que 2 nouvelles failles Exchange Zero-Day sont utilis\u00e9es dans la nature"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Microsoft a officiellement r\u00e9v\u00e9l\u00e9 qu&#8217;il enqu\u00eatait sur deux vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 zero-day affectant Exchange Server 2013, 2016 et 2019 \u00e0 la suite de rapports d&#8217;exploitation \u00e0 l&#8217;\u00e9tat sauvage.<\/p>\n<p>&#8220;La premi\u00e8re vuln\u00e9rabilit\u00e9, identifi\u00e9e comme <a rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41040\" target=\"_blank\">CVE-2022-41040<\/a>est une falsification de requ\u00eate c\u00f4t\u00e9 serveur (<a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Server-side_request_forgery\" target=\"_blank\">SSRF<\/a>) vuln\u00e9rabilit\u00e9, tandis que la seconde, identifi\u00e9e comme <a rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41082\" target=\"_blank\">CVE-2022-41082<\/a>permet l&#8217;ex\u00e9cution de code \u00e0 distance (RCE) lorsque PowerShell est accessible \u00e0 l&#8217;attaquant \u00bb, le g\u00e9ant de la technologie <a rel=\"nofollow noopener\" href=\"https:\/\/msrc-blog.microsoft.com\/2022\/09\/29\/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server\/\" target=\"_blank\">a dit<\/a>.<\/p>\n<p>La soci\u00e9t\u00e9 a \u00e9galement confirm\u00e9 qu&#8217;elle \u00e9tait au courant des &#8220;attaques cibl\u00e9es limit\u00e9es&#8221; militarisant les failles pour obtenir un acc\u00e8s initial aux syst\u00e8mes cibl\u00e9s, mais a soulign\u00e9 qu&#8217;un acc\u00e8s authentifi\u00e9 au serveur Exchange vuln\u00e9rable est n\u00e9cessaire pour r\u00e9ussir l&#8217;exploitation.<\/p>\n<p>Les attaques d\u00e9taill\u00e9es par Microsoft montrent que les deux failles s&#8217;encha\u00eenent dans une cha\u00eene d&#8217;exploit, le bug SSRF permettant \u00e0 un adversaire authentifi\u00e9 de d\u00e9clencher \u00e0 distance l&#8217;ex\u00e9cution de code arbitraire.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/09\/Microsoft-confirme-que-2-nouvelles-failles-Exchange-Zero-Day-sont-utilisees.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>La soci\u00e9t\u00e9 bas\u00e9e \u00e0 Redmond a \u00e9galement confirm\u00e9 qu&#8217;elle travaillait sur un &#8220;calendrier acc\u00e9l\u00e9r\u00e9&#8221; pour pousser un correctif, tout en exhortant les clients Microsoft Exchange sur place \u00e0 ajouter une r\u00e8gle de blocage dans IIS Manager comme solution de contournement temporaire pour att\u00e9nuer les menaces potentielles.<\/p>\n<p>Il convient de noter que les clients Microsoft Exchange Online ne sont pas concern\u00e9s.  Les \u00e9tapes pour ajouter la r\u00e8gle de blocage sont les suivantes &#8211;<\/p>\n<ol>\n<li>Ouvrez le gestionnaire IIS<\/li>\n<li>D\u00e9velopper le site Web par d\u00e9faut<\/li>\n<li>S\u00e9lectionnez D\u00e9couverte automatique<\/li>\n<li>Dans la vue des fonctionnalit\u00e9s, cliquez sur R\u00e9\u00e9criture d&#8217;URL<\/li>\n<li>Dans le volet Actions sur le c\u00f4t\u00e9 droit, cliquez sur Ajouter des r\u00e8gles<\/li>\n<li>S\u00e9lectionnez Demander le blocage et cliquez sur OK<\/li>\n<li>Ajoutez la cha\u00eene &#8220;.*autodiscover.json.*@.*Powershell.*&#8221; (hors guillemets) et cliquez sur OK<\/li>\n<li>D\u00e9veloppez la r\u00e8gle et s\u00e9lectionnez la r\u00e8gle avec le mod\u00e8le &#8220;.*autodiscover.json.*@.*Powershell.*&#8221; et cliquez sur Modifier sous Conditions<\/li>\n<li>Modifiez l&#8217;entr\u00e9e de condition de URL \u00e0 REQUEST_URI<\/li>\n<\/ol>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/09\/microsoft-confirms-2-new-exchange-zero.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft a officiellement r\u00e9v\u00e9l\u00e9 qu&#8217;il enqu\u00eatait sur deux vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 zero-day affectant Exchange Server 2013, 2016 et 2019 \u00e0 la suite de rapports d&#8217;exploitation \u00e0 l&#8217;\u00e9tat sauvage. &#8220;La premi\u00e8re vuln\u00e9rabilit\u00e9, identifi\u00e9e comme CVE-2022-41040est une falsification de requ\u00eate c\u00f4t\u00e9 serveur (SSRF) vuln\u00e9rabilit\u00e9, tandis que la seconde, identifi\u00e9e comme CVE-2022-41082permet l&#8217;ex\u00e9cution de code \u00e0 distance (RCE) [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":390311,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4168,845,4158,4165,4161,429,7854,4806,4157,4159,4171,4170,4167,8362,4160,5853,120,4163,4162,4172,4169,317,19022,4166,4164,35759],"class_list":["post-390310","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-comment-pirater","tag-confirme","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-exchange","tag-failles","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-microsoft","tag-mises-a-jour-de-la-cybersecurite","tag-nature","tag-nouvelles","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-securite-informatique","tag-securite-internet","tag-sont","tag-utilisees","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-zeroday"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/390310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=390310"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/390310\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/390311"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=390310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=390310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=390310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}