
Security Advisory on Multiple High-Risk Vulnerabilities in Microsoft Exchange

Published: 2021-03-03 08:03   Views: 7815

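On March 3, 2021, Microsoft disclosed multiple high-risk vulnerabilities in Exchange, including: CVE-2021-26855, a server-side request forgery vulnerability; CVE-2021-26857, a deserialization vulnerability; and CVE-2021-26858 and CVE-2021-27065, arbitrary file write vulnerabilities.

Users are advised to carry out security self-checks of their system assets and put defensive measures in place to prevent intrusion incidents.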

 

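【Vulnerability Description】

1. CVE-2021-26855: server-side request forgery vulnerability

Without authentication, an attacker can send arbitrary HTTP requests to the Exchange Server, and thereby scan the internal network and obtain Exchange user information.

2. CVE-2021-26857: deserialization vulnerability

Where the attacker has Exchange administrator privileges and makes use of other vulnerabilities, a crafted malicious request can trigger the deserialization vulnerability and execute arbitrary code on the system.

3. CVE-2021-26858 and CVE-2021-27065: arbitrary file write vulnerabilities

With Exchange administrator privileges, or in combination with CVE-2021-26855, an attacker can write arbitrary files to the system through a crafted malicious request.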

 

【Affected Versions】

Microsoft Exchange Server 2010

Microsoft Exchange Server 2013

Microsoft Exchange Server 2016

Microsoft Exchange Server 2019

 

【Remediation】

Microsoft has released security patches for these vulnerabilities; users should upgrade promptly:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065

 

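【Detection and Prevention】

The following detection methods can be used to determine whether a system has been attacked through these vulnerabilities:

1. CVE-2021-26855 can be detected through the Exchange HttpProxy logs: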

%PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging\HttpProxy

 

The logs can be checked directly with PowerShell to see whether the server has been attacked:

Import-Csv -Path (Get-ChildItem -Recurse -Path "$env:PROGRAMFILES\Microsoft\Exchange Server\V15\Logging\HttpProxy" -Filter '*.log').FullName | Where-Object {  $_.AuthenticatedUser -eq '' -and $_.AnchorMailbox -like 'ServerInfo~*/*' } | select DateTime, AnchorMailbox

 

The attacker's specific actions can be reviewed in the following directory:

%PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging

 

2. CVE-2021-26857: deserialization vulnerability

Use the following command to check the log entries and determine whether the server has been attacked:

Get-EventLog -LogName Application -Source "MSExchange Unified Messaging" -EntryType Error | Where-Object { $_.Message -like "*System.InvalidCastException*" }

 

3. CVE-2021-26858: arbitrary file write vulnerability logs

The directory is as follows:

C:\Program Files\Microsoft\Exchange Server\V15\Logging\OABGeneratorLog

Use the following command to check the log entries and determine whether the server has been attacked:

findstr /snip /c:"Download failed and temporary file" "%PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging\OABGeneratorLog\*.log"

 

4. CVE-2021-27065: arbitrary file write vulnerability

Check the logs with a PowerShell command:

Select-String -Path "$env:PROGRAMFILES\Microsoft\Exchange Server\V15\Loggin
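
The HttpProxy check for CVE-2021-26855 in item 1 can also be run offline on logs copied off the server. The following is an added example, not part of the original advisory or Microsoft's tooling; it applies the same two conditions as the PowerShell filter. The sample log is constructed, and treating lines that start with '#' as metadata is an assumption about the log layout.

```python
import csv
import fnmatch
import io
from pathlib import Path

# PowerShell's -like is case-insensitive, so matching is done in lower case.
ANCHOR_PATTERN = "serverinfo~*/*"

# Constructed sample; real HttpProxy logs carry many more columns.
SAMPLE_LOG = """\
DateTime,RequestId,AuthenticatedUser,AnchorMailbox
#Software: constructed sample
2021-03-03T01:02:03.000Z,r1,,ServerInfo~host.example.test/resource
2021-03-03T01:02:04.000Z,r2,alice@example.test,Sid~S-1-5-21-0-0-0-1001
2021-03-03T01:02:05.000Z,r3,,Smtp~alice@example.test
2021-03-03T01:02:06.000Z,r4,,ServerInfo~host.example.test
2021-03-03T01:02:07.000Z,r5,bob@example.test,ServerInfo~host.example.test/x
2021-03-03T01:02:08.000Z,r6,,serverinfo~HOST.example.test/y
"""

def suspicious_rows(log_text):
    """Return (DateTime, AnchorMailbox) for rows that match the item 1 filter."""
    # Assumption: lines beginning with '#' are metadata, not data rows.
    lines = [ln for ln in log_text.splitlines() if ln and not ln.startswith("#")]
    hits = []
    for row in csv.DictReader(io.StringIO("\n".join(lines))):
        user = (row.get("AuthenticatedUser") or "").strip()
        anchor = (row.get("AnchorMailbox") or "").strip()
        # Condition 1: no authenticated user. Condition 2: ServerInfo~*/* anchor.
        if user == "" and fnmatch.fnmatchcase(anchor.lower(), ANCHOR_PATTERN):
            hits.append((row.get("DateTime") or "", anchor))
    return hits

def scan_directory(root):
    """Apply the check to every *.log file under a copied HttpProxy log directory."""
    results = {}
    for path in sorted(Path(root).rglob("*.log")):
        text = path.read_text(encoding="utf-8-sig", errors="replace")
        hits = suspicious_rows(text)
        if hits:
            results[str(path)] = hits
    return results

if __name__ == "__main__":
    for when, anchor in suspicious_rows(SAMPLE_LOG):
        print(when, anchor)
```

Rows r3, r4 and r5 in the sample show why both conditions are needed: an empty user alone, a ServerInfo anchor without a path, or a ServerInfo anchor on an authenticated request is not reported.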

 

【References】

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

