Abusing Exchange: One API call away from Domain Admin

Gebruikersavatar
r2504
Deel van't meubilair
Deel van't meubilair
Berichten: 29680
Lid geworden op: 28 Okt 2003
Bedankt: 1966 keer
Recent bedankt: 9 keer
Uitgedeelde bedankjes: 439 keer

Abusing Exchange: One API call away from Domain Admin

Berichtdoor r2504 » 3 weken 2 dagen 21 uur geleden (30 Jan 2019, 08:31)

A massive security hole has been found which means most Microsoft Exchange Servers 2013 and above can be hacked to give criminals full Domain Controller admin privileges, allowing them to create accounts on the target server and come and go at will. All that is needed for the PrivExchange attack is the email address and password of a mailbox user, and in some circumstances not even that.

Bron: https://mspoweruser.com/massive-vulnera ... ver-worse/

Terug naar “Netwerken en Security”

Wie is er online

Gebruikers op dit forum: Geen geregistreerde gebruikers en 1 gast