CERTFR-2021-ALE-019
Vulnerability from certfr_alerte

[Version du 15 septembre 2021] Dans le cadre de son Patch Tuesday, en date du 14 septembre 2021, Microsoft a mis à disposition un correctif pour cette vulnérabilité. Le CERT-FR recommande fortement d'appliquer ce correctif et, le cas échéant, d'enlever les contournements préalablement appliqués pour se protéger de cette vulnérabilité.

[Version initiale]

Celle-ci affecte le composant MSHTML utilisé par ActiveX. Un attaquant peut obtenir une exécution de code arbitraire à distance en envoyant un fichier Office piégé.

Cette exécution de code s'effectue avec les niveaux de privilèges de l'utilisateur ayant ouvert le document.

Aucun correctif n'est disponible.

Microsoft indique également que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées.

Contournement provisoire

[Version du 15 septembre 2021] il est recommandé d'annuler le contournement afin de revenir au fonctionnement nominal.

Dans son avis, Microsoft propose une mesure de contournement en attendant la sortie du correctif.

La modification du registre proposée empêche l'installation de nouveaux contrôles ActiveX. Celle-ci est réversible.

None
Impacted products
Vendor Product Description
Microsoft Windows Windows Server 2019 (Server Core installation)
Microsoft Windows Windows Server 2012 R2 (Server Core installation)
Microsoft Windows Windows 10 Version 20H2 pour systèmes x64
Microsoft Windows Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation)
Microsoft Windows Windows Server 2016
Microsoft Windows Windows Server, version 2004 (Server Core installation)
Microsoft Windows Windows 8.1 pour systèmes x64
Microsoft Windows Windows Server 2008 R2 pour systèmes x64 Service Pack 1
Microsoft Windows Windows Server 2008 pour systèmes x64 Service Pack 2
Microsoft Windows Windows 10 Version 2004 pour systèmes x64
Microsoft Windows Windows Server 2022
Microsoft Windows Windows Server 2008 pour systèmes 32 bits Service Pack 2
Microsoft Windows Windows 10 pour systèmes 32 bits
Microsoft Windows Windows 10 Version 2004 pour systèmes 32 bits
Microsoft Windows Windows 7 pour systèmes x64 Service Pack 1
Microsoft Windows Windows 10 Version 20H2 pour systèmes ARM64
Microsoft Windows Windows 10 Version 2004 pour systèmes ARM64
Microsoft Windows Windows 10 Version 1809 pour systèmes x64
Microsoft Windows Windows 8.1 pour systèmes 32 bits
Microsoft Windows Windows 10 Version 1909 pour systèmes ARM64
Microsoft Windows Windows Server 2012
Microsoft Windows Windows Server 2012 R2
Microsoft Windows Windows Server 2012 (Server Core installation)
Microsoft Windows Windows 10 Version 1607 pour systèmes 32 bits
Microsoft Windows Windows Server 2022 (Server Core installation)
Microsoft Windows Windows 10 Version 1909 pour systèmes 32 bits
Microsoft Windows Windows Server 2016 (Server Core installation)
Microsoft Windows Windows 7 pour systèmes 32 bits Service Pack 1
Microsoft Windows Windows 10 Version 21H1 pour systèmes ARM64
Microsoft Windows Windows 10 pour systèmes x64
Microsoft Windows Windows RT 8.1
Microsoft Windows Windows 10 Version 21H1 pour systèmes 32 bits
Microsoft Windows Windows 10 Version 20H2 pour systèmes 32 bits
Microsoft Windows Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation)
Microsoft Windows Windows 10 Version 1909 pour systèmes x64
Microsoft Windows Windows Server 2019
Microsoft Windows Windows Server, version 20H2 (Server Core Installation)
Microsoft Windows Windows 10 Version 21H1 pour systèmes x64
Microsoft Windows Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation)
Microsoft Windows Windows 10 Version 1809 pour systèmes ARM64
Microsoft Windows Windows 10 Version 1607 pour systèmes x64
Microsoft Windows Windows 10 Version 1809 pour systèmes 32 bits
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 2004 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes x64 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 20H2 (Server Core Installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2022-05-04",
  "content": "## Contournement provisoire\n\n**\\[Version du 15 septembre 2021\\]** il est recommand\u00e9 d\u0027annuler le\ncontournement afin de revenir au fonctionnement nominal.\n\n\u003cs\u003eDans son avis, Microsoft propose une mesure de contournement en\nattendant la sortie du correctif.\u003c/s\u003e\n\n\u003cs\u003eLa modification du registre propos\u00e9e emp\u00eache l\u0027installation de\nnouveaux contr\u00f4les ActiveX. Celle-ci est r\u00e9versible.\u003c/s\u003e\n",
  "cves": [
    {
      "name": "CVE-2021-40444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40444"
    }
  ],
  "initial_release_date": "2021-09-08T00:00:00",
  "last_revision_date": "2022-05-04T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2021-AVI-710 du 15 septembre 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-710/"
    }
  ],
  "reference": "CERTFR-2021-ALE-019",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-08T00:00:00.000000"
    },
    {
      "description": "Ajout du lien vers l\u0027avis CERT-FR",
      "revision_date": "2021-09-15T00:00:00.000000"
    },
    {
      "description": "section \u0027contournement\u0027 corrig\u00e9e",
      "revision_date": "2021-11-18T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2022-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[Version du 15 septembre 2021\\]\u003c/strong\u003e Dans le cadre de son *Patch\nTuesday*, en date du 14 septembre 2021, Microsoft a mis \u00e0 disposition un\ncorrectif pour cette vuln\u00e9rabilit\u00e9. Le CERT-FR recommande fortement\nd\u0027appliquer ce correctif et, le cas \u00e9ch\u00e9ant, d\u0027enlever les\ncontournements pr\u00e9alablement appliqu\u00e9s pour se prot\u00e9ger de cette\nvuln\u00e9rabilit\u00e9.\n\n\u003cstrong\u003e\\[Version initiale\\]\u003c/strong\u003e\n\nCelle-ci affecte le composant MSHTML utilis\u00e9 par ActiveX. Un attaquant\npeut obtenir une ex\u00e9cution de code arbitraire \u00e0 distance en envoyant un\nfichier Office pi\u00e9g\u00e9.\n\nCette ex\u00e9cution de code s\u0027effectue avec les niveaux de privil\u00e8ges de\nl\u0027utilisateur ayant ouvert le document.\n\nAucun correctif n\u0027est disponible.\n\nMicrosoft indique \u00e9galement que cette vuln\u00e9rabilit\u00e9 est activement\nexploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\n",
  "title": "[MaJ] Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-40444 du 07 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.