Microsoft Exchange Server Remote Privilege Escalation Vulnerability

Microsoft Exchange Server is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to gain elevated privileges.

Information

Bugtraq ID: 106725
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Jan 21 2019 12:00AM
Updated: Jan 21 2019 12:00AM
Credit: Dirk-jan Mollema
Vulnerable: Microsoft Exchange Server 2019 0
Microsoft Exchange Server 2016 0
Microsoft Exchange Server 2013 0

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

• Abusing Exchange: One API call away from Domain Admin (Dirk-jan Mollema)
  
• Exchange Server Home Page (Microsoft)
  
• Microsoft Homepage (Microsoft)
  
• PrivExchange (PrivExchange)
  

Source: www.securityfocus.com