{"id":172801,"date":"2025-07-28T12:15:07","date_gmt":"2025-07-28T11:15:07","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/es\/?p=391349"},"modified":"2025-07-28T12:15:52","modified_gmt":"2025-07-28T11:15:52","slug":"les-serveurs-de-microsoft-sont-en-danger-en-raison-dune-grave-vulnerabilite","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/fr\/les-serveurs-de-microsoft-sont-en-danger-en-raison-dune-grave-vulnerabilite\/","title":{"rendered":"Les serveurs de Microsoft sont en danger en raison d&#039;une grave vuln\u00e9rabilit\u00e9"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">L&#8217;Agence de la cybers\u00e9curit\u00e9 et des infrastructures (CISA) a \u00e9mis une alerte urgente concernant deux vuln\u00e9rabilit\u00e9s critiques dans Microsoft SharePoint, d\u00e9sign\u00e9es comme CVE-2025-49704 et CVE-2025-49706. <strong>Les deux vuln\u00e9rabilit\u00e9s sont activement exploit\u00e9es dans le monde, ce qui repr\u00e9sente un risque significatif pour les organisations qui exploitent des serveurs SharePoint locaux<\/strong>.<\/p>\n\n\n<h2 class=\"wp-block-heading\">Une vuln\u00e9rabilit\u00e9 qui peut s&#8217;av\u00e9rer critique<\/h2>\n\n\n<p class=\"wp-block-paragraph\">La premi\u00e8re vuln\u00e9rabilit\u00e9, CVE-2025-49704, est une faille grave d&#8217;injection de code qui permet \u00e0 des attaquants autoris\u00e9s d&#8217;ex\u00e9cuter du code arbitraire via une connexion r\u00e9seau, ce qui pourrait entra\u00eener un contr\u00f4le total sur le serveur compromis.<strong> Cette vuln\u00e9rabilit\u00e9 est class\u00e9e comme CWE-94, se r\u00e9f\u00e9rant au Contr\u00f4le Inad\u00e9quat de la G\u00e9n\u00e9ration de Code, et peut entra\u00eener l&#8217;exposition de donn\u00e9es sensibles et une possible exfiltration d&#8217;informations<\/strong>.<\/p>\n\n\n<p class=\"wp-block-paragraph\">D&#8217;autre part, CVE-2025-49706 est une vuln\u00e9rabilit\u00e9 d&#8217;authentification incorrecte qui facilite les attaques de falsification, permettant aux attaquants de contourner les contr\u00f4les d&#8217;authentification et d&#8217;acc\u00e9der sans autorisation \u00e0 des informations critiques. <strong>Cette faille est class\u00e9e sous CWE-287, et son exploitation r\u00e9ussie permet aux attaquants de modifier des donn\u00e9es et de compromettre l&#8217;int\u00e9grit\u00e9 des environnements SharePoint<\/strong>.<\/p>\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"SharePoint en 1 minuto\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/HHsqRgPf-Bo?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n<p class=\"wp-block-paragraph\">Lorsque les deux vuln\u00e9rabilit\u00e9s sont combin\u00e9es, elles cr\u00e9ent un vecteur d&#8217;attaque puissant. <strong>Les attaquants utilisent souvent CVE-2025-49706 pour contourner l&#8217;authentification et exploitent ensuite CVE-2025-49704 pour injecter du code malveillant<\/strong>. La CISA a ajout\u00e9 les deux vuln\u00e9rabilit\u00e9s \u00e0 son catalogue des Vuln\u00e9rabilit\u00e9s Connues Exploit\u00e9es (KEV) avec un d\u00e9lai de rem\u00e9diation de 24 heures, soulignant l&#8217;urgence et la gravit\u00e9 de la situation.<\/p>\n\n\n<p class=\"wp-block-paragraph\">De m\u00eame, le CISA a recommand\u00e9 aux organisations de prendre des mesures imm\u00e9diates, en particulier celles qui utilisent des versions de SharePoint qui ne sont plus prises en charge. <strong>Pour les versions prises en charge, il est conseill\u00e9 d&#8217;appliquer les derniers correctifs de s\u00e9curit\u00e9 et de suivre les recommandations de mitigation fournies par Microsoft<\/strong>.<\/p>\n\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-icon-s\/p\/449d6486-96d2-11e6-b4e2-00163ec9f5fa\/2182742371\/microsoft-edge-Icon.jpg\" alt=\"Microsoft Edge\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">Microsoft Edge<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/microsoft-edge.softonic.com\/android\" target=\"_self\" rel=\"noopener noreferrer\">T\u00c9L\u00c9CHARGER<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        \r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/microsoft-edge.softonic.com\/android\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>L&#8217;Agence de cybers\u00e9curit\u00e9 et d&#8217;infrastructure (CISA) a \u00e9mis une alerte urgente concernant deux vuln\u00e9rabilit\u00e9s critiques dans Microsoft SharePoint, d\u00e9sign\u00e9es comme CVE-2025-49704 et CVE-2025-49706. Les deux vuln\u00e9rabilit\u00e9s sont activement exploit\u00e9es dans le monde, ce qui repr\u00e9sente un risque significatif pour les organisations qui exploitent des serveurs SharePoint locaux. Une vuln\u00e9rabilit\u00e9 qui peut s&#8217;av\u00e9rer critique La premi\u00e8re vuln\u00e9rabilit\u00e9, CVE-2025-49704, est une faille grave d&#8217;injection de code qui permet \u00e0 des attaquants autoris\u00e9s d&#8217;ex\u00e9cuter du code arbitraire via une connexion r\u00e9seau, ce qui pourrait entra\u00eener un contr\u00f4le total sur le serveur compromis. Cette vuln\u00e9rabilit\u00e9 est class\u00e9e comme CWE-94, se r\u00e9f\u00e9rant [&hellip;]<\/p>\n","protected":false},"author":9318,"featured_media":172802,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[16761,22339],"tags":[17677,25568,25569,25570,53,25571,17291],"usertag":[],"vertical":[],"content-category":[18042],"class_list":["post-172801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-softwaresecurity","tag-ciberseguridad","tag-cve-2025-4970","tag-cve-2025-49704","tag-kev","tag-microsoft","tag-microsoft-sharepoint","tag-seguridad","content-category-seguridad-privacidad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/posts\/172801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/users\/9318"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/comments?post=172801"}],"version-history":[{"count":2,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/posts\/172801\/revisions"}],"predecessor-version":[{"id":172812,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/posts\/172801\/revisions\/172812"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/media\/172802"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/media?parent=172801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/categories?post=172801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/tags?post=172801"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/usertag?post=172801"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/vertical?post=172801"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/fr\/wp-json\/wp\/v2\/content-category?post=172801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}