Jump to content

Admin

Sign in to follow this  
  • entries
    104
  • comments
    78
  • views
    31072

Exchange Server serious vulnerability reported

Sign in to follow this  
i-away

106 views

A Security Researcher named Dirk-jan Mollema has recently discovered a vulnerability that affects Exchange and described a way that this vulnerability can be exploited to allow an attacker to obtain escalated privileges.

The attack relies on two key components to be successful.

Firstly by using a man-in-the-middle attack method against an Exchange Server to perform an NTLM relay attack ( an attacker intercepting the authentication process). This in itself isn’t actually an real Exchange vulnerability and its caused by the NTLM over HTTP authentication method that Exchange Server uses.

The second component of this vulnerability relates to the ability of an attacker to force Exchange to attempt to authenticate as the computer account. To do this, the attacker has the ability to use Exchange Web Services in order to force Exchange Server to make a new outbound HTTP call that uses NTLM to attempt to authenticate against an arbitrary URL using the EWS Push Subscription feature.

Microsoft is actively working on a hotfix and is not recommending performing any actions until a hotfix is released.

Stay tuned for Updated info!


Sign in to follow this  


0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...