Microsoft patches critical 10-point flaw, risk of Global Admin impersonation

Published 2025-09-21 (updated 2025-09-26) at https://antoanthongtinhaiphong.gov.vn/microsoft-va-lo-hong-diem-10-nghiem-trong-nguy-co-gia-mao-global-admin/

Researchers have just published a serious finding: Microsoft's internal token issuance mechanism, combined with a flaw in a legacy programming interface, could be abused to impersonate any user, including Global Administrators on other tenants. This scenario could allow an attacker to take full control of a victim's Microsoft 365 and Azure services while leaving almost no trace. The vulnerability is tracked as CVE-2025-55241 and rated CVSS 10.0, the maximum score.

Identity systems such as Microsoft Entra ID are considered the "backbone" for millions of businesses using Microsoft 365 and Azure. When a malicious actor can impersonate a Global Admin without having to pass MFA or Conditional Access, the consequence is not merely exposed email: the entire cloud infrastructure, data and services can fall into the attacker's hands.

The main reason CVE-2025-55241 exists is that many components were designed for "internal" use only and were therefore treated lightly from a security standpoint. Internal actor tokens were regarded as a trusted channel between services, so they were rarely monitored, had no immediate revocation mechanism and left almost no detailed logs. At the same time, many organizations still depend on a legacy API that the vendor has already advised them to stop using, which prolongs the attack surface even after a replacement exists.

[Image: 1758532816469.png, https://whitehat.vn/attachments/1758532816469-png.17649/]
Image: Dirk-jan Mollema

Technical background

The problem arises from the combination of two factors. The first is a type of internal token called an Actor token, used to let one service act on behalf of another across systems; the second is a flaw in the legacy Azure AD API (Azure AD Graph) that caused it not to properly validate the tenant origin of the token.

By altering the tenant information (tenant ID or netId) and using an Actor token issued in his own test environment, researcher Mollema demonstrated the ability to authenticate as any user on the target tenant, including full administrators. The direct consequence is that high privileges can be obtained while completely bypassing mechanisms such as Conditional Access and two-factor authentication.

Unpredictable consequences

If exploited successfully, an attacker could seize privileges and maintain long-term access. They could create new accounts and assign or elevate privileges for groups and roles in order to retain control.

The attacker could also retrieve user data and content from mailboxes, SharePoint, Teams and applications that authenticate via Entra ID. Furthermore, they could access Azure resources such as Key Vault, SQL databases and virtual machines, because subscription administration and role assignment are controlled at the tenant level.

Finally, an attacker could delete, encrypt or exfiltrate data while leaving almost no trace at the level of the abused API, making detection and investigation very difficult.

First, IT teams should immediately verify that the tenant has received the patch from Microsoft or an authorized partner, and briefly report the result to management. Next, prioritize migrating all applications from Azure AD Graph to Microsoft Graph, while rotating all credentials and narrowing service principal permissions according to the principle of least privilege. Enable centralized logging and immediate alerting for high-privilege activity, then carry out hands-on checks to review cross-tenant paths and B2B configuration.

Patching the vulnerability is only the first step; organizations must treat every internal channel as untrusted and change how they operate to reduce long-term risk.

Source: The Hacker News