Microsoft Exchange Server Zero-day Privilege Escalation Vulnerability

Last Update Date: 30 Jan 2019 Release Date: 28 Jan 2019 5946 Views

RISK: High Risk

High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A new zero-day vulnerability was discovered in Microsoft Exchange Server. A mailbox user could exploit this vulnerability to elevate account privilege to gain the Windows Domain Admin access right.

 

Notes:The exploit code is publicly available.

Impact

  • Elevation of Privilege

System / Technologies affected

This zero-day flaw have been tested in below version:

  • Microsoft Exchange Server 2013, 2016 and 2019

Solutions

Notes: No patch is currently available.

 

Please refer to the link below for possible mitigation plan:

https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/

 

Before applying any mitigation steps, please consult your product support and software manufacturer for more details.

Vulnerability Identifier

  • No CVE information is available

Related Link

Share with

Previous

Apple iOS Zero-day Sensitive Information Disclosure Vulnerability

30 Jan 2019 4419 Views

Next

Mozilla Thunderbird Multiple Vulnerabilities

31 Jan 2019 4161 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY