Abusing Exchange: One API call away from Domain Admin

ubremoved_539
Deel van't meubilair
Deel van't meubilair
Berichten: 29849
Lid geworden op: 28 Okt 2003
Bedankt: 1994 keer
Uitgedeelde bedankjes: 446 keer

Abusing Exchange: One API call away from Domain Admin

Berichtdoor ubremoved_539 » 30 Jan 2019, 08:31

A massive security hole has been found which means most Microsoft Exchange Servers 2013 and above can be hacked to give criminals full Domain Controller admin privileges, allowing them to create accounts on the target server and come and go at will. All that is needed for the PrivExchange attack is the email address and password of a mailbox user, and in some circumstances not even that.

Bron: https://mspoweruser.com/massive-vulnera ... ver-worse/

Terug naar “Netwerken en Security”

Wie is er online

Gebruikers op dit forum: Geen geregistreerde gebruikers en 1 gast