News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Exchange Server elevation of privilege bug acknowledged

    Posted on February 6th, 2019 at 12:04 woody Comment on the AskWoody Lounge

    Remember the 0day exploit in Microsoft Exchange that we talked about two weeks ago?

    As I suspected, your Exchange Server is only vulnerable to a man-in-the-middle attack. It isn’t an all-purpose attack: The miscreant has to be able to sit in the middle of an interaction with the Server.

    Microsoft finally has an explanation in ADV190007 | Guidance for “PrivExchange” Elevation of Privilege Vulnerability.

    A planned update is in development. If you determine that your system is at high risk then you should evaluate the proposed workaround.

    The workaround is a one-line PowerShell script that @b talked about last week.

    If that helped, take a second to support AskWoody on Patreon