News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft Exchange 0day exploit code published

    Posted on January 25th, 2019 at 14:33 woody Comment on the AskWoody Lounge

    According to Thomas Claburn at The Reg:

    Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.

    Claburn goes on to reference Dirk-jan Mollema’s proof of concept post:

    This blog combines a few known vulnerabilities and known protocol weaknesses into a new attack. There are 3 components which are combined to escalate from any user with a mailbox to Domain Admin access:

    • Exchange Servers have (too) high privileges by default
    • NTLM authentication is vulnerable to relay attacks
    • Exchange has a feature which makes it authenticate to an attacker with the computer account of the Exchange server

    Here’s where it gets thick. Er. Mollema claims his method allows an “attack to escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Exchange.”

    Microsoft, however, has apparently weighed in on the elevation of privilege bug in CVE-2018-8581:

    To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user.

    And there’s the rub. The headlines make it sound like anybody with an Exchange mailbox can become a Domain Admin. The Microsoft CVE report (which, I assume, relates to the same bug) says that a man-in-the-middle attack is necessary.

    Big difference.

    Anybody know the details?

  • Keizer: Win10 version 1809 rollout fiasco may hinder Enterprise migrations from Win7

    Posted on January 25th, 2019 at 10:14 woody Comment on the AskWoody Lounge

    In the once burned, twice shy department (or should I say 100th time burned, 101 times shy?) Gregg Keizer has an interesting analysis of the Win10 1809 rollout debacle — and why it may convince Microsoft’s big customers to stick with Win7.

    In a nutshell:

    This year’s [version] 1903 [a.k.a. 19H1] would be a mistake because even for Windows 10 Enterprise customers, it will get only 18 months of support. That means holding out for 1909, which will receive 30 months of support. Trouble is, the company won’t have much of an upgrade cushion from 1803 to 1909; the upgrade will have to begin as soon as the latter is declared enterprise-ready and even then, the cushion will be a short four months.

    Gregg has a very convincing argument — Microsoft’s dropping the ball on 1809 puts Enterprises in a tough place. It’s all in the calendar, and the fact that 19H1 will only receive 18 months of support whereas 19H2 will (MS has promised) receive 30 months.

    I wonder if/when Microsoft will jump off this insane 6-month upgrade cycle.