{"id":143245,"date":"2024-08-14T15:09:21","date_gmt":"2024-08-14T13:09:21","guid":{"rendered":"https:\/\/sftarticles.wpenginepowered.com\/es\/?p=338524"},"modified":"2025-06-12T10:45:07","modified_gmt":"2025-06-12T09:45:07","slug":"microsoft-corrige-une-grave-vulnerabilite-dans-lun-de-ses-services-ia","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/fr\/microsoft-corrige-une-grave-vulnerabilite-dans-lun-de-ses-services-ia\/","title":{"rendered":"Microsoft fixes a serious vulnerability in one of its AI services"},"content":{"rendered":"\n<p><strong>Microsoft<\/strong> has fixed a serious vulnerability in <strong>Azure Health Bot Service<\/strong>, an AI-powered tool that lets developers <strong>create and deploy virtual healthcare assistants<\/strong>. The flaw, identified by <strong><a href=\"https:\/\/www.tenable.com\/blog\/compromising-microsofts-ai-healthcare-chatbot-service\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">Tenable<\/a><\/strong>, a cybersecurity company, <strong>endangered the integrity of confidential patient data<\/strong>, because it allowed malicious actors to move laterally through the IT infrastructure of healthcare organizations.<\/p>\n\n\n\n<p>Azure Health Bot Service is designed to <strong>help healthcare organizations reduce costs and improve efficiency<\/strong> without compromising regulatory compliance. However, because it handles a large amount of sensitive information, data security becomes a crucial concern. 
Tenable decided to analyze how the chatbot handles workloads and <strong>discovered a series of vulnerabilities in a feature known as &#8220;Data Connections&#8221;<\/strong>, designed to pull data from other services.<\/p>\n\n\n\n<p>Although this tool has built-in safeguards to block unauthorized access to internal APIs, <strong>the researchers managed to bypass these protections with a technical approach<\/strong>: they set up an external host under their own control and used it to issue 301 redirect responses pointing to the Azure metadata service (IMDS).<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/2\/2024\/08\/Microsoft-Azure-Health-Bot-Services.jpg\" alt=\"\" class=\"wp-image-338525\" \/><\/figure>\n<\/div>\n\n\n<p>This maneuver allowed them to obtain a valid metadata response, which contained an access token for management.azure.com. With this token, they were able to access a list of all available subscriptions, exposing potentially sensitive information.<\/p>\n\n\n\n<p>The Tenable experts, who informed Microsoft of these findings a few months ago, stressed that the vulnerability was not due to flaws in the AI models but in the underlying architecture of the AI chatbot service. After learning of this, <strong>Microsoft acted quickly and fixed the vulnerability in all affected regions<\/strong>. 
So far, no evidence has been found that this vulnerability was exploited in real-world environments, which suggests that the corrective measures were effective and timely.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has fixed a serious vulnerability in Azure Health Bot Service, an AI-powered tool that lets developers create and deploy virtual healthcare assistants. 
The flaw, identified by Tenable, a cybersecurity company, endangered the integrity of confidential patient data, because it allowed malicious actors to &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/fr\/microsoft-corrige-une-grave-vulnerabilite-dans-lun-de-ses-services-ia\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Microsoft fixes a serious vulnerability in one of its AI services&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9256,"featured_media":143247,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":1},"categories":[16761],"tags":[17198],"usertag":[],"vertical":[],"content-category":[17507],"class_list":["post-143245","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectionmicrosoft-azure","content-category-ia"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/posts\/143245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/users\/9256"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/comments?post=143245"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/posts\/143245\/revisions"}],"predecessor-version":[{"id":160494,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/posts\/143245\/revisions\/160494"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/media\/143247"}],"wp:attachment":[{"
href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/media?parent=143245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/categories?post=143245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/tags?post=143245"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/usertag?post=143245"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/vertical?post=143245"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/content-category?post=143245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}