A massive security hole has been found which means most Microsoft Exchange Servers 2013 and above can be hacked to give criminals full Domain Controller admin privileges, allowing them to create accounts on the target server and come and go at will. All that is needed for the PrivExchange attack is the email address and password of a mailbox user, and in some circumstances not even that.
Bron: https://mspoweruser.com/massive-vulnera ... ver-worse/
Abusing Exchange: One API call away from Domain Admin
-
ubremoved_539
- Deel van't meubilair
- Berichten: 29849
- Lid geworden op: 28 okt 2003, 09:17
- Uitgedeelde bedankjes: 446 keer
- Bedankt: 1985 keer
