{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-26857",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-26857"
    }
  },
  "description": "Exchange \u662f\u5fae\u8f6f\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7ec4\u4ef6\uff0c\u662f\u4e2a\u6d88\u606f\u4e0e\u534f\u4f5c\u7cfb\u7edf\u3002\n\nMicrosoft Exchange Server\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u9700\u8981\u7ba1\u7406\u5458\u6743\u9650\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4ee5\u5728Exchange\u670d\u52a1\u5668\u4e0a\u4ee5SYSTEM\u8eab\u4efd\u8fd0\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-14812",
  "openTime": "2021-03-07",
  "patchDescription": "Exchange \u662f\u5fae\u8f6f\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7ec4\u4ef6\uff0c\u662f\u4e2a\u6d88\u606f\u4e0e\u534f\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Exchange Server\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u9700\u8981\u7ba1\u7406\u5458\u6743\u9650\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4ee5\u5728Exchange\u670d\u52a1\u5668\u4e0a\u4ee5SYSTEM\u8eab\u4efd\u8fd0\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Exchange Server\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Exchange Server 2019 Cumulative Update 8",
      "Microsoft Exchange Server 2019 Cumulative Update 7",
      "Microsoft Exchange Server 2016 Cumulative Update 19",
      "Microsoft Exchange Server 2013 Cumulative Update 23",
      "Microsoft Exchange Server 2010 Service Pack 3",
      "Microsoft Exchange Server 2016 Cumulative Update 18"
    ]
  },
  "referenceLink": "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/",
  "serverity": "\u9ad8",
  "submitTime": "2021-03-03",
  "title": "Microsoft Exchange Server\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e"
}

{
  "GSD": {
    "alias": "CVE-2021-26857",
    "description": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.",
    "id": "GSD-2021-26857"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-26857"
      ],
      "details": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.",
      "id": "GSD-2021-26857",
      "modified": "2023-12-13T01:23:32.990544Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-26857",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-04-16",
      "product": "Microsoft Exchange Server",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Unified Messaging Deserialization Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2021-26857",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 19",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 8",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2013 Cumulative Update 22",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.00.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 13",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.00.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 5",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 6",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 16",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 17",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 7",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 18",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2010 Service Pack 3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "14.0.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2013 Service Pack 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.00.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2013 Cumulative Update 21",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.00.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 12",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 8",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 9",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 10",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 11",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2021-04-16",
        "cisaExploitAdd": "2021-11-03",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*",
                    "matchCriteriaId": "3E5EA9AD-1E84-4AB5-A1EF-3B9F2AC84755",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
                    "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*",
                    "matchCriteriaId": "29805EC7-6403-44B9-91EC-109C087E98EB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*",
                    "matchCriteriaId": "28FCA0E8-7D27-4746-9731-91B834CA3E64",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*",
                    "matchCriteriaId": "36CE5C6D-9A04-41F5-AE7C-265779833649",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*",
                    "matchCriteriaId": "44ECF39A-1DE1-4870-A494-06A53494338D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
          },
          {
            "lang": "es",
            "value": "Una Vulnerabilidad de Ejecuci\u00f3n de c\u00f3digo remota de Microsoft Exchange Server. Este ID de CVE es diferente de CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078"
          }
        ],
        "id": "CVE-2021-26857",
        "lastModified": "2023-12-29T17:16:01.073",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "secure@microsoft.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2021-03-03T00:15:12.167",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-502"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

{
  "affected": [],
  "aliases": [
    "CVE-2021-26857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502",
      "CWE-506"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-03T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.",
  "id": "GHSA-2qwq-gqpm-q83g",
  "modified": "2025-10-22T00:32:04Z",
  "published": "2022-05-24T22:01:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26857"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26857"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rails is bad"
}

{
  "cisaActionDue": "2021-04-16",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3E5EA9AD-1E84-4AB5-A1EF-3B9F2AC84755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*",
              "matchCriteriaId": "751FD35F-2ECD-4B75-9589-988CC6AD3058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
              "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0C21F84B-E99C-451D-9EAF-6352FD2B0EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
              "matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*",
              "matchCriteriaId": "9BE04790-85A2-4078-88CE-1787BC5172E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*",
              "matchCriteriaId": "CCF101BE-27FD-4E2D-A694-C606BD3D1ED7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*",
              "matchCriteriaId": "4DF5BDB5-205D-4B64-A49A-0152AFCF4A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*",
              "matchCriteriaId": "55284CF7-0D04-4216-83FE-4B1F9CA94207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*",
              "matchCriteriaId": "CA2CE223-AA49-49E6-AC32-59270EFF55AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*",
              "matchCriteriaId": "4830D6A9-AF74-480C-8F69-8648CD619980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*",
              "matchCriteriaId": "079E1E3F-FF25-4B0D-AC98-191D6455A014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*",
              "matchCriteriaId": "29805EC7-6403-44B9-91EC-109C087E98EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*",
              "matchCriteriaId": "28FCA0E8-7D27-4746-9731-91B834CA3E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
              "matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
              "matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*",
              "matchCriteriaId": "40D8A6DB-9225-4A3F-AD76-192F6CCCF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*",
              "matchCriteriaId": "051DE6C4-7456-4C42-BC51-253208AADB4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*",
              "matchCriteriaId": "EE320413-D2C9-4B28-89BF-361B44A3F0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*",
              "matchCriteriaId": "104F96DC-E280-4E0A-8586-B043B55888C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*",
              "matchCriteriaId": "73B3B3FE-7E85-4B86-A983-2C410FFEF4B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*",
              "matchCriteriaId": "8A9FB275-7F17-48B2-B528-BE89309D2AF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*",
              "matchCriteriaId": "D4AB3C25-CEA8-4D66-AEE4-953C8B17911A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*",
              "matchCriteriaId": "36CE5C6D-9A04-41F5-AE7C-265779833649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*",
              "matchCriteriaId": "44ECF39A-1DE1-4870-A494-06A53494338D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una Vulnerabilidad de Ejecuci\u00f3n de c\u00f3digo remota de Microsoft Exchange Server. Este ID de CVE es diferente de CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078"
    }
  ],
  "id": "CVE-2021-26857",
  "lastModified": "2025-10-30T19:55:52.993",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-03-03T00:15:12.167",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26857"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange 2019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-27078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27078"
    },
    {
      "name": "CVE-2021-26858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26858"
    },
    {
      "name": "CVE-2021-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27065"
    },
    {
      "name": "CVE-2021-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26855"
    },
    {
      "name": "CVE-2021-26854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26854"
    },
    {
      "name": "CVE-2021-26857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26857"
    },
    {
      "name": "CVE-2021-26412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26412"
    }
  ],
  "initial_release_date": "2021-03-03T00:00:00",
  "last_revision_date": "2021-03-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-156",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Exchange\nServer. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Exchange Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26412 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26412"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26855 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26855"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-27065 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-27065"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-27078 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-27078"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26857 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26857"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26854 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26854"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26858 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26858"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eMicrosoft Exchange Server 2010\u003c/li\u003e \u003cli\u003eMicrosoft Exchange Server 2013\u003c/li\u003e \u003cli\u003eMicrosoft Exchange Server 2016\u003c/li\u003e \u003cli\u003eMicrosoft Exchange Server 2019\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes solutions Exchange Online ne sont pas affect\u00e9es par les vuln\u00e9rabilit\u00e9s.\u003c/p\u003e ",
  "closed_at": "2021-07-16",
  "content": "## Contournement provisoire\n\n**\\[version du 16 mars 2021\\]**\n\nL\u0027 outil\u00a0*Exchange On-premises Mitigation Tool* (EOMT) fourni par\nMicrosoft le 15 mars 2021 a trois fonctions :\n\n-   chercher \u00e0 emp\u00eacher les exploitations connues de la\n    vuln\u00e9rabilit\u00e9\u00a0CVE-2021-26855 affectant les serveurs Exchange ;\n-   rechercher sur le syst\u00e8me des traces connues d\u0027exploitation gr\u00e2ce\n    au\u00a0*Microsoft Safety Scanner* ;\n-   tenter de rem\u00e9dier aux compromissions par certaines m\u00e9thodes connues\n    ayant \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es par le\u00a0*Microsoft Safety Scanner*.\n\nMicrosoft insiste sur le fait que l\u0027utilisation de ce script ne dispense\npas de l\u0027installation de la mise \u00e0 jour et que cet outil ne prot\u00e8ge que\ncontre les menaces connues.\n\nMicrosoft pr\u00e9cise que cet outil a \u00e9t\u00e9 test\u00e9 sur les versions\u00a02013, 2016\net 2019 d\u0027Exchange Server \\[9\\].\n\n## Solution\n\n**Pour rappel**, seuls les deux derniers Cumulative Update (CU) des\nserveurs Exchange en version 2013, 2016 et 2019 sont maintenus \u00e0 jour et\nre\u00e7oivent les correctifs de s\u00e9curit\u00e9.\n\nDes correctifs de s\u00e9curit\u00e9 sont donc disponibles pour :\n\n-   Exchange Server 2013 CU 23\n-   Exchange Server 2016 CU 19 et CU 18\n-   Exchange Server 2019 CU 8 et CU 7\n-   Exchange Server 2010 SP3 Rollup 30\n\nPour des versions ant\u00e9rieures, il faut appliquer les Cumulative Update\nou les Rollup pour Exchange 2010 en amont de l\u2019application du correctif.\nMicrosoft a publi\u00e9 une proc\u00e9dure accompagn\u00e9e d\u2019une Foire Aux Questions\n\\[2\\].\n\n------------------------------------------------------------------------\n\nLa mise \u00e0 jour d\u0027un produit ou d\u0027un logiciel est une op\u00e9ration d\u00e9licate\nqui doit \u00eatre men\u00e9e avec prudence. Il est notamment recommander\nd\u0027effectuer des tests autant que possible. Des dispositions doivent\n\u00e9galement \u00eatre prises pour garantir la continuit\u00e9 de service en cas de\ndifficult\u00e9s lors de l\u0027application des mises \u00e0 jour comme des correctifs\nou des changements de version.\n",
  "cves": [
    {
      "name": "CVE-2021-26858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26858"
    },
    {
      "name": "CVE-2021-27078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27078"
    },
    {
      "name": "CVE-2021-26857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26857"
    },
    {
      "name": "CVE-2021-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26855"
    },
    {
      "name": "CVE-2021-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27065"
    },
    {
      "name": "CVE-2021-26412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26412"
    },
    {
      "name": "CVE-2021-26854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26854"
    }
  ],
  "initial_release_date": "2021-03-03T00:00:00",
  "last_revision_date": "2021-07-16T00:00:00",
  "links": [
    {
      "title": "[2]",
      "url": "https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901"
    },
    {
      "title": "[9]",
      "url": "https://github.com/microsoft/CSS-Exchange/tree/main/Security"
    },
    {
      "title": "Pr\u00e9sentation de l\u0027outil Microsoft EOMT du 15 mars 2021",
      "url": "https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/"
    },
    {
      "title": "Avis CERT-FR du 03 mars 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-156/"
    },
    {
      "title": "[8]",
      "url": "https://techcommunity.microsoft.com/t5/exchange-team-blog/march-2021-exchange-server-security-updates-for-older-cumulative/ba-p/2192020"
    },
    {
      "title": "GitHub Microsoft CSS-Exchange",
      "url": "https://github.com/microsoft/CSS-Exchange/tree/main/Security"
    },
    {
      "title": "[4]",
      "url": "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/"
    },
    {
      "title": "[3]",
      "url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
    },
    {
      "title": "[7]",
      "url": "https://us-cert.cisa.gov/ncas/alerts/aa21-062a"
    },
    {
      "title": "[5]",
      "url": "https://github.com/microsoft/CSS-Exchange/tree/main/Security"
    },
    {
      "title": "[6]",
      "url": "https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/"
    },
    {
      "title": "[1]",
      "url": "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/"
    }
  ],
  "reference": "CERTFR-2021-ALE-004",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-03T00:00:00.000000"
    },
    {
      "description": "Clarification sur les syst\u00e8mes affect\u00e9s",
      "revision_date": "2021-03-03T00:00:00.000000"
    },
    {
      "description": "Ajout des informations communiqu\u00e9es par Microsoft",
      "revision_date": "2021-03-08T00:00:00.000000"
    },
    {
      "description": "Ajout des recommandations du CISA",
      "revision_date": "2021-03-08T00:00:00.000000"
    },
    {
      "description": "Ajout des informations concernant les correctifs pour les anciens Cumulative Updates",
      "revision_date": "2021-03-09T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027outil EOMT de Microsoft.",
      "revision_date": "2021-03-16T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2021-07-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[version du 16 mars 2021\\]\u003c/strong\u003e\n\nle 15 mars 2021, Microsoft a publi\u00e9 un nouvel outil dont le but annonc\u00e9\nest d\u0027aider leurs clients \u00e0 se prot\u00e9ger de l\u0027exploitation de la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2021-26855 affectant les serveurs de courrier Exchange\nen attendant l\u0027application des mises \u00e0 jour\n[(https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/).](https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/)\n\nLes d\u00e9tails de cet outil sont d\u00e9velopp\u00e9s dans la section \"Contournement\nprovisoire\".\n\nLe CERT-FR souhaite cependant insister sur plusieurs points:\n\n-   Cet outil ne prot\u00e8ge que contre une exploitation future de la\n    vuln\u00e9rabilit\u00e9 CVE-2021-26855, en attendant l\u0027application de la mise\n    \u00e0 jour fournie le 2 mars 2021 ;\n-   Les vuln\u00e9rabilit\u00e9s ayant \u00e9t\u00e9 exploit\u00e9es avant la publication des\n    correctifs, puis de fa\u00e7on massive, tous les serveurs Exchange\n    doivent \u00eatre consid\u00e9r\u00e9s comme compromis. L\u0027utilisation de cet outil\n    ne remplace pas l\u0027\u00e9tape de recherche de compromission (voir les\n    recommandations de cette alerte) ;\n-   De plus en plus de codes d\u0027exploitation sont publiquement\n    disponibles. L\u0027outil de Microsoft tente d\u0027annuler certaines\n    modifications malveillantes r\u00e9alis\u00e9es lors de l\u0027exploitation de la\n    vuln\u00e9rabilit\u00e9 CVE-2021-26855, mais cela ne fonctionne que pour une\n    partie des codes d\u0027exploitation connus.\n\n\u003cstrong\u003e\\[version du 9 mars 2021\\]\u003c/strong\u003e\n\nLe CERT-FR recommande fortement de toujours maintenir les serveurs\nExchange dans une version maintenue par l\u0027\u00e9diteur, notamment en\nappliquant les derniers *Cumulative Updates (CU)*. Cependant, \u00e9tant\ndonn\u00e9 l\u0027urgence de la situation, dans le cas o\u00f9 l\u0027application d\u0027un *CU*\nne peut pas se faire imm\u00e9diatement, l\u0027\u00e9diteur a publi\u00e9 un correctif pour\nles anciens *CU* des versions Exchange 2016 et 2019\n[\\[8\\]](https://techcommunity.microsoft.com/t5/exchange-team-blog/march-2021-exchange-server-security-updates-for-older-cumulative/ba-p/2192020).\n\nNote importante : Le CERT-FR insiste sur l\u0027importance de bien suivre les\nrecommandations de l\u0027\u00e9diteur pour l\u0027application des correctifs : en\nparticulier, en cas d\u0027installation manuelle du fichier .msp, il est\nobligatoire d\u0027avoir les droits administrateur au moment de son\ninstallation.\n\n\u003cstrong\u003e\\[version du 8 mars 2021\\]\u003c/strong\u003e\n\nMicrosoft a publi\u00e9 un code\n[\\[5\\]](https://github.com/microsoft/CSS-Exchange/tree/main/Security)\npermettant de v\u00e9rifier la pr\u00e9sence des indicateurs de compromission\n(IoCs) li\u00e9s au mode op\u00e9ratoire *Hafnium*. Un d\u00e9tail de l\u0027utilisation de\nce code est disponible dans la section *\"scan Exchange log files\"* de\nl\u2019article *\"HAFNIUM targeting Exchange Servers with 0-day exploits\"*\n[\\[1\\]](https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/).\n\nA d\u00e9faut d\u0027appliquer le correctif imm\u00e9diatement, des mesures de\ncontournement \u003cstrong\u003eprovisoires\u003c/strong\u003e ont \u00e9t\u00e9 propos\u00e9es par l\u0027\u00e9diteur pour les\nversions 2013, 2016 et 2019 des serveurs Exchange\n[\\[6\\]](https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/).\nCependant, contrairement aux correctifs, ces mesures ont un impact sur\nles fonctionnalit\u00e9s des serveurs Exchange et ne garantissent pas une\nprotection compl\u00e8te contre ces vuln\u00e9rabilit\u00e9s.\n\nDe plus, dans le cas o\u00f9 l\u0027application du correctif n\u0027est pas imm\u00e9diate,\nle CISA recommande de restreindre les acc\u00e8s externes des plateformes\nExchange expos\u00e9es en appliquant les mesures suivantes\u00a0\n[\\[7\\]](https://us-cert.cisa.gov/ncas/alerts/aa21-062a) :\n\n-   Bloquer les connections non v\u00e9rifi\u00e9es qui peuvent acc\u00e9der aux\n    serveurs Exchange sur le port 443, ou mettre en place un VPN afin\n    qu\u0027il ne soit plus directement expos\u00e9 sur Internet ;\n-   Restreindre les acc\u00e8s externes :\n    -   \u00c0 l\u0027url OWA : /owa/ ;\n    -   \u00c0 l\u0027url Exchange Admin Center (EAC) aka Exchange Control Panel\n        (ECP) : /ecp/\n\nMicrosoft met en avant la forte augmentation de l\u0027exploitation de ces\nquatre vuln\u00e9rabilit\u00e9s par des attaquants. Le CERT-FR rappelle donc le\nmotif \u003cstrong\u003eurgent\u003c/strong\u003e de la \u003cstrong\u003emise en place des correctifs de s\u00e9curit\u00e9\u003c/strong\u003e, ou\nau moins la restriction des acc\u00e8s \u00e0 la plateforme ainsi que la mise en\nplace des mesures de contournement le temps d\u0027appliquer ces correctifs.\n\n\u00a0\n\n\u003cstrong\u003e\\[version initiale\\]\u003c/strong\u003e\n\nLe 2 mars 2021, Microsoft a publi\u00e9 des correctifs concernant des\nvuln\u00e9rabilit\u00e9s critiques de type \u00ab\u00a0jour z\u00e9ro\u00a0\u00bb (zero day) affectant les\nserveurs de messagerie Exchange en version 2010, 2013, 2016 et 2019.\n\nCes vuln\u00e9rabilit\u00e9s permettent \u00e0 un attaquant de r\u00e9aliser une ex\u00e9cution\nde code arbitraire \u00e0 distance, permettant d\u2019obtenir *in fine* les droits\nde l\u2019administrateur de domaine Active Directory.\n\n-   CVE-2021-26855\u00a0: vuln\u00e9rabilit\u00e9 c\u00f4t\u00e9 serveur de type SSRF permettant\n    \u00e0 l\u2018attaquant non authentifi\u00e9 d\u2019envoyer des requ\u00eates HTTP\n    arbitraires qui seront ex\u00e9cut\u00e9es sous l\u2019identit\u00e9 du serveur\n    Exchange.\n-   CVE-2021-27065\u00a0: vuln\u00e9rabilit\u00e9 post-authentification permettant \u00e0\n    l\u2019attaquant de pouvoir \u00e9crire un contenu arbitraire dans un fichier.\n    Les droits d\u2019acc\u00e8s peuvent \u00eatre obtenus soit en exploitant la\n    CVE-2021-26855 soit en compromettant les identifiants d\u2019un\n    administrateur l\u00e9gitime.\n-   CVE-2021-26857\u00a0: vuln\u00e9rabilit\u00e9 bas\u00e9e sur une faiblesse de la\n    d\u00e9s\u00e9rialisation dans le service de messagerie unifi\u00e9e (Unified\n    Messaging). Cette vuln\u00e9rabilit\u00e9 permet \u00e0 l\u2019attaquant de pouvoir\n    ex\u00e9cuter du code arbitraire \u00e0 distance avec les privil\u00e8ges SYSTEM\n    sur le serveur Exchange. L\u2019exploitation de cette vuln\u00e9rabilit\u00e9\n    demande les droits administrateurs (ou l\u2019exploitation d\u2019une autre\n    vuln\u00e9rabilit\u00e9).\n-   CVE-2021-26858\u00a0: vuln\u00e9rabilit\u00e9 post-authentification permettant \u00e0\n    l\u2019attaquant de pouvoir \u00e9crire un contenu arbitraire dans un fichier.\n    Les droits d\u2019acc\u00e8s peuvent \u00eatre obtenus soit en exploitant la\n    CVE-2021-26855 soit en compromettant les identifiants d\u2019un\n    administrateur l\u00e9gitime.\n\nL\u2019\u00e9diteur indique que ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 exploit\u00e9es dans des\nattaques cibl\u00e9es qu\u0027il attribue \u00e0 un groupe d\u2019attaquants appel\u00e9\n*Hafnium*\n[\\[1\\]](https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/).\nEn compl\u00e9ment, les chercheurs de Volexity indiquent avoir d\u00e9tect\u00e9 des\npremi\u00e8res attaques d\u00e8s janvier 2021\n[\\[4\\]](https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/).\n\nAu vu de la criticit\u00e9 de ces vuln\u00e9rabilit\u00e9s, l\u2019ANSSI recommande\nfortement de r\u00e9aliser les actions suivantes\u00a0:\n\n-   d\u00e9connecter imm\u00e9diatement les serveurs Exchange qui seraient expos\u00e9s\n    sur Internet sans protection le temps d\u2019appliquer les correctifs ;\n-   appliquer imm\u00e9diatement les correctifs de s\u00e9curit\u00e9 fournis par\n    l\u2019\u00e9diteur sur l\u2019ensemble des serveurs Exchange expos\u00e9s sur Internet\n    puis en interne ;\n-   proc\u00e9der \u00e0 l\u2019analyse des serveurs Exchange afin d\u2019identifier une\n    possible compromission \u00e0 l\u2019aide des indicateurs de compromission\n    publi\u00e9s par l\u2019\u00e9diteur\n    [\\[1\\]](https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/)\u00a0et\n    de Volexity\n    [\\[4\\]](https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/).\n    Une premi\u00e8re \u00e9tape consistera notamment \u00e0 effectuer une recherche\n    d\u0027ant\u00e9c\u00e9dents dans les logs des serveurs web de Outlook Web Access\n    afin de d\u00e9celer d\u0027\u00e9ventuelles requ\u00eates de type *POST* vers\n    */owa/auth/Current/themes/resources/* ;\n-   en cas de compromission, de contr\u00f4ler le syst\u00e8me d\u2019information pour\n    d\u00e9tecter d\u2019\u00e9ventuelles lat\u00e9ralisations ainsi qu\u2019une compromission\n    des serveurs Active Directory.\n\n\u00a0\n\nEnfin, le CERT-FR rappelle que les serveurs Microsoft Exchange ne\ndevraient pas \u00eatre expos\u00e9s sans protection sur Internet. Il est\nfortement recommand\u00e9 d\u2019appliquer les bonnes pratiques publi\u00e9es par\nl\u2019ANSSI pour le nomadisme\n[\\[3\\]](https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/).\n",
  "title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Exchange Server",
  "vendor_advisories": [
    {
      "published_at": "2021-03-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft",
      "url": "https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/"
    }
  ]
}