You're all admins, thanks to this Microsoft Exchange zero-day and exploit

guest · Jan 25, 2019

You're all admins, thanks to this Microsoft Exchange zero-day and exploit
Easily swapped hashed passwords gives Domain Admin rights via API call. Fix may land next month
January 25, 2019
https://www.theregister.co.uk/2019/01/25/microsoft_exchange_hashed_passwords/

Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.

On Thursday, Dirk-jan Mollema, a security researcher with Fox-IT in the Netherlands, published proof-of-concept code and an explanation of the attack, which involves the interplay of three separate issues.

According to Mollema, the primary problem is that Exchange has high privileges by default in the Active Directory domain.
In a statement emailed to The Register, Microsoft avoided commenting on the specific vulnerability described by Mollema, but the wording of its coy, content-free reply suggests the company may issue a fix in February.
Click to expand...

Daveski17 · Jan 25, 2019

Oh I'm so happy I waved goodbye to M$!

wat0114 · Jan 25, 2019

This is nothing a home user needs to be concerned about.

Minimalist · Feb 6, 2019

Microsoft Confirms Serious ‘PrivExchange’ Vulnerability

Microsoft acknowledged an elevated privilege flaw in its Exchange Server could allow a remote attacker with a simple mailbox account to gain administrator privileges.

Both a Microsoft advisory and a US-CERT alert were issued on Tuesday warning users of the elevation of privilege flaw, dubbed “PrivExchange,” which has a “high severity” CVSS score of 8.3. The flaw exists due to a perfect storm of default settings in Microsoft Exchange Server and the mail server and calendaring server that run on Windows Server operating systems. According to Microsoft, Exchange 2013 and newer versions are impacted.

Currently, Microsoft has not issued a patch to fix the bug. However, there are workaround fixes.
Click to expand...

https://threatpost.com/microsoft-confirms-serious-privexchange-vulnerability/

FanJ · May 1, 2019

... Dirk-jan Mollema, a security researcher with Fox-IT in the Netherlands ...
Click to expand...

If you want to read more articles from him, go to https://dirkjanm.io/

Some recent articles:

“Relaying” Kerberos - Having fun with unconstrained delegation
https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/

The worst of both worlds: Combining NTLM Relaying and Kerberos delegation
https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/

Getting in the Zone: dumping Active Directory DNS using adidnsdump
https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/

Log in or Sign up

You're all admins, thanks to this Microsoft Exchange zero-day and exploit

guest Guest

Daveski17 Registered Member

wat0114 Registered Member

Minimalist Registered Member

FanJ Updates Team

Log in or Sign up

You're all admins, thanks to this Microsoft Exchange zero-day and exploit

guest Guest

Daveski17 Registered Member

wat0114 Registered Member

Minimalist Registered Member

FanJ Updates Team

Useful Searches