{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Windows Server 2022","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2012","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 2004 for 32-bit systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 for x64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 1809 for x64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 1909 for x64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2019 (Server Core installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server, version 2004 (Server Core installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2019","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2012 R2","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 21H1 for ARM64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2022 (Server Core installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 1607 for 32-bit systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 for x64 systems Service Pack 2","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 1809 for 
ARM64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 1809 for 32-bit systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 20H2 for x64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 21H1 for 32-bit systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 2004 for ARM64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2016 (Server Core installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows RT 8.1","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 1909 for ARM64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 21H1 for x64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 7 for x64 systems Service Pack 1","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 for x64 systems Service Pack 2 (Server Core installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 1909 for 32-bit systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 20H2 for 32-bit systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 for 32-bit systems Service Pack 2 (Server Core installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 1607 for 
x64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2012 (Server Core installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 for 32-bit systems Service Pack 2","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 R2 for x64 systems Service Pack 1","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 2004 for x64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 8.1 for x64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2016","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 Version 20H2 for ARM64 systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 8.1 for 32-bit systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server, version 20H2 (Server Core Installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 R2 for x64 systems Service Pack 1 (Server Core installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2012 R2 (Server Core installation)","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 10 for 32-bit systems","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 7 for 32-bit systems Service Pack 1","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"closed_at":"2022-05-04","content":"## 
Temporary workaround\n\n**\\[Version of 15 September 2021\\]** It is recommended to revert the\nworkaround in order to return to nominal operation.\n\n<s>In its advisory, Microsoft proposes a workaround\npending the release of the patch.</s>\n\n<s>The proposed registry change prevents the installation of\nnew ActiveX controls. It is reversible.</s>\n","cves":[{"name":"CVE-2021-40444","url":"https://www.cve.org/CVERecord?id=CVE-2021-40444"}],"links":[{"title":"CERT-FR advisory CERTFR-2021-AVI-710 of 15 September 2021","url":"https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-710/"}],"reference":"CERTFR-2021-ALE-019","revisions":[{"description":"Initial version","revision_date":"2021-09-08T00:00:00.000000"},{"description":"Added link to the CERT-FR advisory","revision_date":"2021-09-15T00:00:00.000000"},{"description":"'workaround' section corrected","revision_date":"2021-11-18T00:00:00.000000"},{"description":"Alert closed. This does not mean the threat has ended. Only applying the update protects you against exploitation of the corresponding vulnerability.","revision_date":"2022-05-04T00:00:00.000000"}],"risks":[{"description":"Remote arbitrary code execution"}],"summary":"<strong>\\[Version of 15 September 2021\\]</strong> As part of its *Patch\nTuesday* of 14 September 2021, Microsoft released a\npatch for this vulnerability. CERT-FR strongly recommends\napplying this patch and, where applicable, removing the\nworkarounds previously applied to protect against this\nvulnerability.\n\n<strong>\\[Initial version\\]</strong>\n\nIt affects the MSHTML component used by ActiveX. 
An attacker\ncan achieve remote arbitrary code execution by sending a\nmalicious Office file.\n\nThis code execution takes place with the privilege level of\nthe user who opened the document.\n\nNo patch is available.\n\nMicrosoft also states that this vulnerability is being actively\nexploited in targeted attacks.\n","title":"[Update] Vulnerability in Microsoft Windows","vendor_advisories":[{"published_at":null,"title":"Microsoft security bulletin CVE-2021-40444 of 07 September 2021","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444"}]}
