News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Exchange Server elevation of privilege bug acknowledged

    Posted on February 6th, 2019 at 12:04 woody Comment on the AskWoody Lounge

    Remember the 0day exploit in Microsoft Exchange that we talked about two weeks ago?

    As I suspected, your Exchange Server is only vulnerable to a man-in-the-middle attack. It isn’t an all-purpose attack: The miscreant has to be able to sit in the middle of an interaction with the Server.

    Microsoft finally has an explanation in ADV190007 | Guidance for “PrivExchange” Elevation of Privilege Vulnerability.

    A planned update is in development. If you determine that your system is at high risk then you should evaluate the proposed workaround.

    The workaround is a one-line PowerShell script that @b talked about last week.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums Exchange Server elevation of privilege bug acknowledged

    This topic contains 1 reply, has 2 voices, and was last updated by

     Susan Bradley 1 week, 3 days ago.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Exchange Server elevation of privilege bug acknowledged

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: