{"id":403373,"date":"2022-10-08T05:29:43","date_gmt":"2022-10-08T07:29:43","guid":{"rendered":"https:\/\/teknomers.com\/fr\/microsoft-publie-des-mesures-dattenuation-ameliorees-pour-les-vulnerabilites-non-corrigees-dexchange-server\/"},"modified":"2022-10-08T05:29:44","modified_gmt":"2022-10-08T07:29:44","slug":"microsoft-publie-des-mesures-dattenuation-ameliorees-pour-les-vulnerabilites-non-corrigees-dexchange-server","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/microsoft-publie-des-mesures-dattenuation-ameliorees-pour-les-vulnerabilites-non-corrigees-dexchange-server\/","title":{"rendered":"Microsoft publie des mesures d&#8217;att\u00e9nuation am\u00e9lior\u00e9es pour les vuln\u00e9rabilit\u00e9s non corrig\u00e9es d&#8217;Exchange Server"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Microsoft le vendredi <a rel=\"nofollow noopener\" href=\"https:\/\/msrc-blog.microsoft.com\/2022\/09\/29\/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server\/\" target=\"_blank\">divulgu\u00e9<\/a> il a apport\u00e9 davantage d&#8217;am\u00e9liorations \u00e0 la m\u00e9thode d&#8217;att\u00e9nuation propos\u00e9e comme moyen d&#8217;emp\u00eacher les tentatives d&#8217;exploitation contre les failles de s\u00e9curit\u00e9 non corrig\u00e9es r\u00e9cemment r\u00e9v\u00e9l\u00e9es dans Exchange Server.<\/p>\n<p>\u00c0 cette fin, le g\u00e9ant de la technologie a r\u00e9vis\u00e9 la r\u00e8gle de blocage dans IIS Manager de &#8220;.*autodiscover.json.*Powershell.*&#8221; \u00e0 &#8220;(?=.*autodiscover.json)(?=.*powershell).&#8221;<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>La liste des \u00e9tapes mises \u00e0 jour pour ajouter la r\u00e8gle de r\u00e9\u00e9criture d&#8217;URL est ci-dessous &#8211;<\/p>\n<ul>\n<li>Ouvrir le gestionnaire IIS<\/li>\n<li>S\u00e9lectionnez le site Web par d\u00e9faut<\/li>\n<li>Dans la vue des fonctionnalit\u00e9s, cliquez sur R\u00e9\u00e9criture d&#8217;URL<\/li>\n<li>Dans le volet Actions sur le c\u00f4t\u00e9 droit, cliquez sur Ajouter une ou plusieurs r\u00e8gles\u2026 <\/li>\n<li>S\u00e9lectionnez Demander le blocage et cliquez sur OK<\/li>\n<li>Ajoutez la cha\u00eene &#8220;(?=.*autodiscover.json)(?=.*powershell)&#8221; (hors guillemets)<\/li>\n<li>S\u00e9lectionnez Expression r\u00e9guli\u00e8re sous Utilisation<\/li>\n<li>S\u00e9lectionnez Abandonner la demande sous Comment bloquer, puis cliquez sur OK<\/li>\n<li>D\u00e9veloppez la r\u00e8gle et s\u00e9lectionnez la r\u00e8gle avec le mod\u00e8le\u00a0: (?=.*autodiscover.json)(?=.*powershell) et cliquez sur Modifier sous Conditions<\/li>\n<li>Modifiez l&#8217;entr\u00e9e Condition de URL \u00e0 UrlDecode\u00a0:REQUEST_URI, puis cliquez sur OK<\/li>\n<\/ul>\n<p>Alternativement, les utilisateurs peuvent obtenir les protections souhait\u00e9es en ex\u00e9cutant un outil d&#8217;att\u00e9nuation sur site Exchange bas\u00e9 sur PowerShell (<a rel=\"nofollow noopener\" href=\"https:\/\/microsoft.github.io\/CSS-Exchange\/Security\/EOMTv2\/\" target=\"_blank\">EOMTv2.ps1<\/a>), qui a \u00e9galement \u00e9t\u00e9 mis \u00e0 jour pour prendre en compte le mod\u00e8le d&#8217;URL susmentionn\u00e9.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>La <a rel=\"nofollow noopener\" href=\"https:\/\/viz.greynoise.io\/tag\/exchange-proxynotshell-vuln-check?days=30\" target=\"_blank\">probl\u00e8mes activement exploit\u00e9s<\/a>appel\u00e9 ProxyNotShell (CVE-2022-41040 et CVE-2022-41082), n&#8217;ont pas encore \u00e9t\u00e9 trait\u00e9s par Microsoft, bien qu&#8217;avec le Patch Tuesday qui approche \u00e0 grands pas, l&#8217;attente pourrait ne pas \u00eatre longue.<\/p>\n<p>Une militarisation r\u00e9ussie des failles pourrait permettre \u00e0 un attaquant authentifi\u00e9 d&#8217;encha\u00eener les deux vuln\u00e9rabilit\u00e9s pour r\u00e9aliser l&#8217;ex\u00e9cution de code \u00e0 distance sur le serveur sous-jacent.<\/p>\n<p>Le g\u00e9ant de la technologie a reconnu la semaine derni\u00e8re que les lacunes avaient peut-\u00eatre \u00e9t\u00e9 exploit\u00e9es par un seul acteur de la menace parrain\u00e9 par l&#8217;\u00c9tat depuis ao\u00fbt 2022 dans des attaques cibl\u00e9es limit\u00e9es visant moins de 10 organisations dans le monde.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/10\/microsoft-issues-improved-mitigations.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft le vendredi divulgu\u00e9 il a apport\u00e9 davantage d&#8217;am\u00e9liorations \u00e0 la m\u00e9thode d&#8217;att\u00e9nuation propos\u00e9e comme moyen d&#8217;emp\u00eacher les tentatives d&#8217;exploitation contre les failles de s\u00e9curit\u00e9 non corrig\u00e9es r\u00e9cemment r\u00e9v\u00e9l\u00e9es dans Exchange Server. \u00c0 cette fin, le g\u00e9ant de la technologie a r\u00e9vis\u00e9 la r\u00e8gle de blocage dans IIS Manager de &#8220;.*autodiscover.json.*Powershell.*&#8221; \u00e0 &#8220;(?=.*autodiscover.json)(?=.*powershell).&#8221; La liste [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":403374,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[44826,4168,21195,4158,4165,4161,48257,133,115211,4157,4159,4171,4170,65,4167,659,8362,4160,4163,4162,185,2212,4172,4169,103597,4166,4164,12365],"class_list":["post-403373","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-ameliorees","tag-comment-pirater","tag-corrigees","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dattenuation","tag-des","tag-dexchange","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mesures","tag-microsoft","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pour","tag-publie","tag-securite-informatique","tag-securite-internet","tag-server","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-vulnerabilites"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/403373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=403373"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/403373\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/403374"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=403373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=403373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=403373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}