近日,8087金沙娱场城CERT 监测到安全研究人员在blackhat安全大会上公开了 Microsoft Exchange Server 中的远程代码执行漏洞,包括漏洞细节、验证视频和部分PoC,主要涉及以下三个漏洞:
CVE-2021-34473 :Pre-auth Path Confusion leads to ACL Bypass(ACL绕过漏洞)
CVE-2021-34523 - Elevation of Privilege on Exchange PowerShell Backend(权限提升漏洞)
CVE-2021-31207 - Post-auth Arbitrary-File-Write leads to RCE(授权任意文件写入漏洞)
远程攻击者在成功组合利用上述三个漏洞的情况下,可不经过任何身份验证在目标机器上执行任意代码。鉴于这些漏洞的危害较大,8087金沙娱场城CERT建议客户及时修复相关漏洞。以下为8087金沙娱场城CERT对CVE-2021-34473漏洞的复现截图:
CVE-2021-34473 ,CVSS评分为9.1CVE-2021-34523,CVSS评分为9.0CVE-2021-31207,CVSS评分为6.6Microsoft Exchange Server 2010
Microsoft Exchange Server 2013Microsoft Exchange Server 2016Microsoft Exchange Server 2019官方已发布对上述利用链漏洞的补丁,请及时安装相关补丁:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207
https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-ProxyLogon-Is-Just-The-Tip-Of-The-Iceberg-A-New-Attack-Surface-On-Microsoft-Exchange-Server.pdf
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207