{"id":455,"date":"2021-03-10T13:50:35","date_gmt":"2021-03-10T05:50:35","guid":{"rendered":"http:\/\/cms.aaasec.com.tw\/?p=455"},"modified":"2021-03-11T15:27:20","modified_gmt":"2021-03-11T07:27:20","slug":"exchange-sever","status":"publish","type":"post","link":"https:\/\/cms.aaasec.com.tw\/index.php\/2021\/03\/10\/exchange-sever\/","title":{"rendered":"Major Vulnerabilities and Large-Scale Attacks Discovered in Exchange Server!"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-456\" src=\"https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2021\/03\/\u6ce8\u610f.png\" alt=\"\" width=\"1323\" height=\"1323\" \/><\/p>\n<p><!--more--><\/p>\n<p>By the AAA Technical Team<\/p>\n<p>One of the hottest stories in the security community last week was the Exchange Server vulnerabilities. According to an investigation by security vendor Huntress and announcements from Microsoft, the Chinese hacking group Hafnium has recently launched attacks using four zero-day vulnerabilities in Exchange Server (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065). To date, at least 30,000 organizations in the United States have been affected, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring government agencies to immediately inventory their internal Exchange 
Server environments.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>[Attack Technique]<\/strong><\/p>\n<p>Security vendor Volexity first observed the attack activity on January 6 of this year (2021). After confirming the vulnerabilities, Microsoft began work on fixes and released patches and a security advisory on March 2. However, the attacks have continued and spread, and it is estimated that \"hundreds of thousands\" of servers worldwide may be affected. The attack first exploits a server-side request forgery (SSRF) vulnerability (CVE-2021-26855), sending a specially crafted HTTP request to gain access to the target server. It then uses a deserialization vulnerability in the Unified Messaging service (CVE-2021-26857) to execute code with SYSTEM privileges. Combined with the arbitrary file write vulnerabilities (CVE-2021-26858, CVE-2021-27065), the attacker can then write programs to the target Exchange Server. In this incident, web shells planted by the attackers using the techniques above were found on victim hosts. Through this malware, attackers may steal sensitive data or execute arbitrary code, and may even take control of the target host and carry out further attacks.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>[How to Respond]<\/strong><\/p>\n<p>The scope of these critical vulnerabilities includes Microsoft Exchange Server 
2013, 2016 and 2019. Microsoft has released patches for the four exploited vulnerabilities described above, among other fixes [Note 1]. If your server falls within the affected scope, apply the patches released by Microsoft. In addition, because these vulnerabilities allow a web shell to be planted, we recommend checking as soon as possible whether a web shell has been planted on the server or whether there are other traces of intrusion.<\/p>\n<p>The updates published by Microsoft are as follows:<\/p>\n<ol>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26855\">https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26855<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26857\">https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26857<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26858\">https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26858<\/a><\/li>\n<li><a 
href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-27065\">https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-27065<\/a><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><strong>[How to Check Whether You Have Been Compromised or Had Malware Planted] (A word from our sponsor)<\/strong><\/p>\n<p>Through \u4e09\u7532\u79d1\u6280's \"Security Health Check\" service, a malware inspection can reveal whether malicious programs are hidden on a host, while packet capture and device log analysis can further track malicious blacklist entries and uncover suspicious behavior, helping to find suspicious programs lurking in the environment as early as possible.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Note 1: In addition to these four vulnerabilities, Microsoft also released, and urged users to install, patches for three other vulnerabilities (CVE-2021-26412, CVE-2021-26854 and CVE-2021-27078). The published updates are as follows:<\/strong><\/p>\n<ol>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26412\">https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26412<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26854\">https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26854<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-27078\">https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-27078<\/a><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><strong>References:<\/strong><\/p>\n<ol>\n<li><a 
href=\"https:\/\/msrc-blog.microsoft.com\/2021\/03\/02\/multiple-security-updates-released-for-exchange-server\/\">https:\/\/msrc-blog.microsoft.com\/2021\/03\/02\/multiple-security-updates-released-for-exchange-server\/<\/a><\/li>\n<li><a href=\"https:\/\/cyber.dhs.gov\/ed\/21-02\/\">https:\/\/cyber.dhs.gov\/ed\/21-02\/<\/a><\/li>\n<li><a href=\"https:\/\/www.ithome.com.tw\/news\/143001\">https:\/\/www.ithome.com.tw\/news\/143001<\/a><\/li>\n<li><a href=\"https:\/\/www.ithome.com.tw\/news\/143056\">https:\/\/www.ithome.com.tw\/news\/143056<\/a><\/li>\n<li><a href=\"https:\/\/www.ithome.com.tw\/news\/143079\">https:\/\/www.ithome.com.tw\/news\/143079<\/a><\/li>\n<li><a href=\"https:\/\/www.informationsecurity.com.tw\/article\/article_detail.aspx?aid=9085\">https:\/\/www.informationsecurity.com.tw\/article\/article_detail.aspx?aid=9085<\/a><\/li>\n<li><a href=\"https:\/\/www.volexity.com\/blog\/2021\/03\/02\/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities\/\">https:\/\/www.volexity.com\/blog\/2021\/03\/02\/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities\/<\/a><\/li>\n<li><a 
href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2021\/03\/02\/new-nation-state-cyberattacks\/\">https:\/\/blogs.microsoft.com\/on-the-issues\/2021\/03\/02\/new-nation-state-cyberattacks\/<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[27],"tags":[],"_links":{"self":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/455"}],"collection":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/comments?post=455"}],"version-history":[{"count":4,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/455\/revisions"}],"predecessor-version":[{"id":463,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/455\/revisions\/463"}],"wp:attachment":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/media?parent=455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/categories?post=455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/tags?post=455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}