Microsoft Confirms Serious ‘PrivExchange’ Vulnerability
The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator.
Microsoft acknowledged an elevated privilege flaw in its Exchange Server could allow a remote attacker with a simple mailbox account to gain administrator privileges.
Both a Microsoft advisory and a US-CERT alert were issued on Tuesday warning users of the elevation of privilege flaw, dubbed “PrivExchange,” which has a “high severity” CVSS score of 8.3. The flaw exists due to a perfect storm of default settings in Microsoft Exchange Server, the mail and calendaring server that runs on Windows Server operating systems. According to Microsoft, Exchange 2013 and newer versions are impacted.
Currently, Microsoft has not issued a patch to fix the bug. However, workarounds are available.
The advisory comes weeks after a proof of concept was released outlining how a regular Exchange mail user could utilize two Python-based tools – privexchange.py and ntlmrelayx.py – to eventually gain domain administrator privileges. Administrators have access to the entire Exchange Server organization and can perform almost any task against any Exchange Server object.
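The privilege jump described above works because, by default, Exchange's own Active Directory group (Exchange Windows Permissions) holds a WriteDacl permission on the domain object itself, so any authentication relayed from the Exchange server inherits that right. The following PowerShell is an added defender-side check, not code from the article, the proof-of-concept tools or Microsoft; it assumes the ActiveDirectory module is installed on the machine where it runs and that the group name is the default one, and it only reports the dangerous access control entries so an administrator can verify whether their domain is exposed.

```powershell
# Added example (not from the article): audit the domain naming context for
# access control entries that grant WriteDacl to Exchange Windows Permissions.
# Assumes the ActiveDirectory module and its AD: drive are available.
Import-Module ActiveDirectory

function Get-ExchangeWriteDaclAce {
    param(
        # Default group name created by Exchange setup; override if renamed.
        [string]$GroupPattern = '*Exchange Windows Permissions*'
    )

    $domainDN = (Get-ADDomain).DistinguishedName
    $acl = Get-Acl -Path "AD:\$domainDN"

    # Keep only Allow entries for the Exchange group that include WriteDacl.
    $acl.Access |
        Where-Object {
            $_.IdentityReference -like $GroupPattern -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::WriteDacl)
        } |
        Select-Object IdentityReference, ActiveDirectoryRights, IsInherited, InheritanceType
}

$findings = Get-ExchangeWriteDaclAce
if ($findings) {
    Write-Warning "WriteDacl on $((Get-ADDomain).DistinguishedName) is held by an Exchange group; relayed Exchange authentication could modify domain permissions."
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No WriteDacl entry for Exchange Windows Permissions found on the domain object.'
}
```

Run it as a domain user with read access to the domain object's security descriptor (any authenticated user can normally read it). A non-empty result is the precondition the proof of concept relies on; the remediation is to remove that entry or apply the workarounds Microsoft published, and to require signing and channel binding on LDAP so relayed NTLM authentication is rejected.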
“To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user,” Microsoft said in its Tuesday advisory.