Tag » Exchange Server « @ AskWoody

Exchange Server elevation of privilege bug acknowledged

Posted on February 6th, 2019 at 12:04 woody Comment on the AskWoody Lounge

Remember the 0day exploit in Microsoft Exchange that we talked about two weeks ago?

As I suspected, your Exchange Server is only vulnerable to a man-in-the-middle attack. It isn’t an all-purpose attack: The miscreant has to be able to sit in the middle of an interaction with the Server.

Microsoft finally has an explanation in ADV190007 | Guidance for “PrivExchange” Elevation of Privilege Vulnerability.

A planned update is in development. If you determine that your system is at high risk then you should evaluate the proposed workaround.

The workaround is a one-line PowerShell script that @b talked about last week.

Windows Patches/Security 0day, Exchange Server, PrivExchange

Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership

Search The Lounge

Recent Replies

Lugh on File History: can’t select individual subfolders in AppData to be backed up
27 minutes ago
EP on MS-DEFCON 2: Patching conflicts with Sophos and Avast are getting better, but Avira’s a no-show. Don’t patch.
1 hour, 7 minutes ago
Alex5723 on MS-DEFCON 2: Patching conflicts with Sophos and Avast are getting better, but Avira’s a no-show. Don’t patch.
3 hours, 41 minutes ago
Paul T on To block the latest zero day, instead of removing Internet Explorer, just short-circuit access to MHT files
4 hours, 2 minutes ago
Paul T on Microsoft Office Starter Edition Win 10
4 hours, 15 minutes ago
Paul T on New pop up about Microsoft discontinuing support for Windows 7?
4 hours, 19 minutes ago
Paul T on Setting up Windows 10 for the first time
4 hours, 28 minutes ago
SteveTree on Yet another conflict acknowledged with this month’s Win7 and 8.1 Monthly Rollups, this time with McAfee Endpoint Security
5 hours, 33 minutes ago
Elly on Yet another conflict acknowledged with this month’s Win7 and 8.1 Monthly Rollups, this time with McAfee Endpoint Security
6 hours, 21 minutes ago
bsfinkel on Yet another conflict acknowledged with this month’s Win7 and 8.1 Monthly Rollups, this time with McAfee Endpoint Security
6 hours, 29 minutes ago
Elly on Yet another conflict acknowledged with this month’s Win7 and 8.1 Monthly Rollups, this time with McAfee Endpoint Security
6 hours, 43 minutes ago
bsfinkel on Yet another conflict acknowledged with this month’s Win7 and 8.1 Monthly Rollups, this time with McAfee Endpoint Security
6 hours, 47 minutes ago
BobStr on File History: can’t select individual subfolders in AppData to be backed up
7 hours, 21 minutes ago
Ascaris on Running Linux on old laptop??
7 hours, 35 minutes ago
RockE on Outlook 365 POP putting e-mail into wrong folder
7 hours, 42 minutes ago
Nathan Parker on Mac Security: Protecting a Mac from Being Stolen
7 hours, 44 minutes ago
Lugh on Setting up Windows 10 for the first time
8 hours, 51 minutes ago
willygirl on Happy Easter 2019
9 hours, 14 minutes ago
PKCano on Happy Easter 2019
9 hours, 31 minutes ago
willygirl on Happy Easter 2019
9 hours, 43 minutes ago

Recent Topics

Windows Security: On beyond passwords
10 minutes ago
Installing VMWare Workstation Player in Linux Mint
9 hours, 5 minutes ago
libobasis core broken dependencies
10 hours, 57 minutes ago
Microsoft Office Starter Edition Win 10
4 hours, 15 minutes ago
Change Name of Computer in Win. 10
13 hours, 52 minutes ago
File History: can’t select individual subfolders in AppData to be backed up
27 minutes ago
2 "Scan with Windows Defender" on Context Menu
17 hours, 25 minutes ago
Happy Easter 2019
9 hours, 14 minutes ago
Setting up Windows 10 for the first time
4 hours, 28 minutes ago
Mac Security: Protecting a Mac from Being Stolen
7 hours, 44 minutes ago

Search for Topics

Recent blog posts

Links

Forums

Topics

6989

AskWoody Central

158

Suggestions about improvi

112

Tips for using the Lounge

33

Getting started

5

Outside the box

2911

72

2791

7

4

Rumors and what-ifs

27

The Junk Drawer

5

AskWoody support

143196

32180

3334

Questions: Win10

2930

Windows 10 beta builds

51

Windows 10 cumulative upd

11

Windows 10 version 1511 -

2

Windows 10 version 1703 -

33

Windows 10 version 1709 -

46

Windows 10 version 1607 -

5

Windows 10 version 1803 -

79

Windows 10 version 1809 -

72

2339

Questions: Win 8.1 (and W

2311

Windows 8.1 (and Win 8) p

18

7263

Questions: Windows 7

7070

Windows 7 patches

136

Windows Vista, XP and ear

15336

Questions: Vista, XP back

15327

Questions: Windows Mobile

275

Microsoft Office by versi

133

Questions: Microsoft Offi

31

Office 365 and Click-to-R

39

Office 2010 and earlier f

18

Office 2016 for PC

11

Office 2013 for PC

8

Office 2019 for PC

2

4717

Questions: Microsoft Surf

9

Questions: What hardware

11

Questions: How to trouble

4177

Questions - Maintenance a

487

Connected home / Internet

38

Questions: Amazon Echo/Al

4

Questions: Google Home

2

Questions: Microsoft Inte

2

Questions: Other home/IoT

16

Other platforms - for Win

705

Linux for Windows wonks

100

macOS for Windows wonks

49

iOS for Windows wonks

12

Android for Windows wonks

15

Chromebooks and ChromeOS

18

Questions: Browsers and d

10673

Updates for browsers, app

38

Internet Explorer and Edg

3668

2051

Other desktop and Microso

4823

Productivity software by

94749

MS Word and word processi

17749

MS Excel and spreadsheet

22497

MS Access and database he

26150

MS PowerPoint and present

1826

MS Outlook and email prog

14503

Graphics and Multimedia p

603

Visual Basic for Applicat

6876

1491

37

97

Code Red - Security/Privacy ad

203

Developers, developers, develo

2895

Other MS software - .NET,

17

648

Web design and developmen

2227

Admin IT Lounge

175

WSUS, SCCM, Exchange and

33

Managing updates in organ

3

Application servers - Exc

50

Tech Accessibility

17

3

Networking - routers, firewall

2035

Social media - Tools, Configur

3