最新更新: 已有安全研究员结合漏洞介绍和检测技术研究出 在野可用的 攻击PoC. 考虑到仍有逾125000台全球邮件服务器没有更新, 微软已经在争议声中删除了github上该PoC代码. 但目前该漏洞攻击方式已接近公开, 大家务必立即更新复核;
漏洞介绍:
微软在今天发布了紧急的0day漏洞更新, 有以下几个漏洞: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
重点解读一下这个漏洞 : 黑客可以通过伪造HTTP请求以Exchange Server登录绕过 Exchange web服务的验证. 之后可以与其他漏洞特别是如CVE-2021-26858组合实现控制服务器, 获得微软活动目录数据库,以及邮件数据库的控制; 危害极大;
CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave HAFNIUM the ability to run code as SYSTEM on the Exchange server. This requires administrator perm