Cybersafe News

Microsoft Exchange Server Zero-day Flaw

Microsoft Exchange 2013 and newer versions are vulnerable to a new privilege-escalation zero-day dubbed “PrivExchange”, which lets a remote attacker holding the credentials of a single low-privileged Exchange mailbox user gain Domain Controller admin privileges using a simple Python tool.

Dirk-jan Mollema, a security researcher with the Dutch cyber-security firm Fox-IT, has published the details of the zero-day. He states that it is not a single flaw but a combination of three default settings and mechanisms that an attacker can abuse to escalate from a compromised email account to administrator of the company’s internal domain controller (the server that handles security authentication requests within a Windows domain). The three issues are:

The PrivExchange attack works against fully patched Exchange servers and Windows Server domain controllers.

Microsoft has not issued an emergency patch for this vulnerability. The researcher has, however, included numerous mitigations in his blog post that system administrators can apply to prevent attackers from exploiting the zero-day and taking control of their companies’ server infrastructure.

The PrivExchange vulnerability should be taken seriously: it is very easy to carry out and gives attackers complete control over a company’s Windows IT infrastructure.
