Microsoft Exchange Server Zero-day Privilege Escalation Vulnerability

Release Date: 28 / 01 / 2019
Last Update: 30 / 01 / 2019
Criticality Level:  

A new zero-day vulnerability was discovered in Microsoft Exchange Server. A mailbox user could exploit this vulnerability to elevate the account's privileges and gain Windows Domain Admin access rights.


Notes: The exploit code is publicly available.

  • Elevation of Privilege

This zero-day flaw has been tested on the following versions:

  • Microsoft Exchange Server 2013, 2016 and 2019

Notes: No patch is currently available.


Please refer to the link below for a possible mitigation plan:


Before applying any mitigation steps, please consult your product support and software manufacturer for more details.