Microsoft Exchange vulnerable to ‘PrivExchange’ zero-day

Microsoft Exchange 2013 and newer are vulnerable to a zero-day named “PrivExchange” that allows a remote attacker with just the credentials of a single lowly Exchange mailbox user to gain Domain Controller admin privileges with the help of a simple Python tool. Details about this zero-day have been made public last week by Dirk-jan Mollema, a security researcher with Dutch cyber-security firm Fox-IT.

Link: Microsoft Exchange vulnerable to ‘PrivExchange’ zero-day
via http://www.zdnet.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s