{"id":9406,"date":"2021-03-11T13:32:46","date_gmt":"2021-03-11T10:32:46","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9406"},"modified":"2021-03-11T13:32:46","modified_gmt":"2021-03-11T10:32:46","slug":"exchange-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/exchange-vulnerabilities\/9406\/","title":{"rendered":"Huge security holes in MS Exchange Server"},"content":{"rendered":"<p>Microsoft has released out-of-band patches for several Exchange Server vulnerabilities. According to the company, four of these vulnerabilities are already being used in targeted attacks, so it would be wise to <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-march-2021-exchange-server-security-updates\/ba-p\/2175901\" target=\"_blank\" rel=\"noopener nofollow\">install the patches as soon as possible<\/a>.<\/p>\n<h2>How big is the risk?<\/h2>\n<p>The four most dangerous vulnerabilities, which are already being exploited, allow attackers to carry out a three-stage attack. First they gain access to an Exchange server, then they create a Web shell for remote server access, and finally they use that access to steal data from the victim\u2019s network. The vulnerabilities in question are:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26855\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-26855<\/a> \u2013 can be used for <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/server-side-request-forgery-ssrf\/\" target=\"_blank\" rel=\"noopener\">server-side request forgery<\/a> and enables remote code execution;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26857\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-26857<\/a> \u2013 can be used to run arbitrary code on behalf of SYSTEM (this requires administrator rights or exploitation of the previous vulnerability);<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26858\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-26858<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-27065\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-27065<\/a> \u2013 can be used by an attacker to overwrite files on the server.<\/li>\n<\/ul>\n<p>Cybercriminals use the four vulnerabilities in combination; however, according to Microsoft, they sometimes replace the initial step with stolen credentials and authenticate to the server without exploiting CVE-2021-26855.<\/p>\n<p>The same patch also fixes several less serious vulnerabilities in Exchange that (as far as we know) are not directly related to the active targeted attacks in question.<\/p>\n<h2>Who is at risk?<\/h2>\n<p>The cloud version of Exchange is not affected by these vulnerabilities; they pose a threat only to servers deployed within an organization\u2019s own infrastructure. Microsoft initially released <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-march-2021-exchange-server-security-updates\/ba-p\/2175901\" target=\"_blank\" rel=\"noopener nofollow\">updates<\/a> for Microsoft Exchange Server 2013, Microsoft Exchange Server 2016 and Microsoft Exchange Server 2019, plus a \u201cdefense in depth\u201d update for Microsoft Exchange Server 2010. However, because of the severity of the breach, after the first patches they also released patches for <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/march-2021-exchange-server-security-updates-for-older-cumulative\/ba-p\/2192020\" target=\"_blank\" rel=\"noopener nofollow\">older Exchange Servers<\/a>.<\/p>\n<p>According to <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2021\/03\/02\/new-nation-state-cyberattacks\/\" target=\"_blank\" rel=\"noopener nofollow\">researchers<\/a> at Microsoft, those exploiting these vulnerabilities to steal confidential information were hackers from the Hafnium group. The group\u2019s targets include US industrial companies, infectious disease researchers, law firms, non-profit organizations and political analysts. The exact number of victims is unknown, but <a href=\"https:\/\/krebsonsecurity.com\/2021\/03\/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software\/\" target=\"_blank\" rel=\"noopener nofollow\">according to KrebsOnSecurity\u2019s sources<\/a>, at least 30,000 organizations in the US, including small businesses, town and city governments and local authorities, were attacked through these vulnerabilities. Our experts have found that American organizations are not the only ones in danger: cybercriminals all over the world are using these vulnerabilities. You can find more information about the geographic spread of the attack in <a href=\"https:\/\/securelist.com\/zero-day-vulnerabilities-in-microsoft-exchange-server\/101096\/\" target=\"_blank\" rel=\"noopener\">Securelist\u2019s post<\/a>.<\/p>\n<h2>How to protect against MS Exchange attacks<\/h2>\n<ul>\n<li>First, <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-march-2021-exchange-server-security-updates\/ba-p\/2175901\" target=\"_blank\" rel=\"noopener nofollow\">install the patches<\/a> on your Microsoft Exchange Server installation. If your company cannot install the updates, Microsoft recommends a set of <a href=\"https:\/\/msrc-blog.microsoft.com\/2021\/03\/05\/microsoft-exchange-server-vulnerabilities-mitigations-march-2021\/\" target=\"_blank\" rel=\"noopener nofollow\">workarounds<\/a>.<\/li>\n<li>According to Microsoft, denying untrusted access to the Exchange server on port 443, or more generally restricting connections from outside the corporate network, can stop the first stage of the attack. However, if the attackers are already inside the infrastructure, or obtain the access rights of a user with administrator privileges in order to run a malicious file, this measure will not help you.<\/li>\n<li>A solution of the <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/threat-management-defense-solution?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____tmd___\" target=\"_blank\" rel=\"noopener\">Endpoint Detection and Response<\/a> class (if you have in-house experts) or the experts of an external Managed Detection and Response service can detect this kind of malicious activity.<\/li>\n<li>Always keep in mind that every internet-connected computer, whether a server or a workstation, needs a <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">reliable endpoint security solution<\/a> to prevent exploits and proactively detect malicious behavior.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Attackers are exploiting four dangerous vulnerabilities in Microsoft Exchange to gain a foothold in corporate networks.<\/p>\n","protected":false},"author":2581,"featured_media":9407,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2376,790,38,2377],"class_list":{"0":"post-9406","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-exchange","10":"tag-guvenlik-aciklari","11":"tag-microsoft","12":"tag-yamalar"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/exchange-vulnerabilities\/9406\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/exchange-vulnerabilities\/22592\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/exchange-vulnerabilities\/18085\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/exchange-vulnerabilities\/24317\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/exchange-vulnerabilities\/22385\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/exchange-vulnerabilities\/21250\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/exchange-vulnerabilities\/24847\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/exchange-vulnerabilities\/24085\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/exchange-vulnerabilities\/30228\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/exchange-vulnerabilities\/38964\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/exchange-vulnerabilities\/16505\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/exchange-vulnerabilities\/17104\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/exchange-vulnerabilities\/14553\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/exchange-vulnerabilities\/26321\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/exchange-vulnerabilities\/30177\
/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/exchange-vulnerabilities\/26768\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/exchange-vulnerabilities\/23631\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/exchange-vulnerabilities\/28972\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/exchange-vulnerabilities\/28781\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9406"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9406\/revisions"}],"predecessor-version":[{"id":9408,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9406\/revisions\/9408"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9407"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}