Tag » Exchange Server « @ AskWoody

Exchange Server elevation of privilege bug acknowledged

Posted on February 6th, 2019 at 12:04 woody Comment on the AskWoody Lounge

Remember the 0day exploit in Microsoft Exchange that we talked about two weeks ago?

As I suspected, your Exchange Server is only vulnerable to a man-in-the-middle attack. It isn’t an all-purpose attack: The miscreant has to be able to sit in the middle of an interaction with the Server.

Microsoft finally has an explanation in ADV190007 | Guidance for “PrivExchange” Elevation of Privilege Vulnerability.

A planned update is in development. If you determine that your system is at high risk then you should evaluate the proposed workaround.

The workaround is a one-line PowerShell script that @b talked about last week.

Windows Patches/Security 0day, Exchange Server, PrivExchange

Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced.

Plus Membership

Search The Lounge

Recent Replies

alQamar on Win10 updating terminology is changing again – but this time maybe it’s tied to a major improvement
1 minute ago
Sinclair on Disable Firefox Experiments v60+
39 minutes ago
Lugh on Creating a list of Web sites on operating systems security.
40 minutes ago
Lugh on Tell me the truth – Which is better, Chrome or Firefox?
1 hour ago
anonymous on Tell me the truth – Which is better, Chrome or Firefox?
2 hours, 1 minute ago
Lugh on Mac vs. Windows: what is a better choice, long term.
2 hours, 17 minutes ago
Microfix on Tell me the truth – Which is better, Chrome or Firefox?
2 hours, 21 minutes ago
OscarCP on Creating a list of Web sites on operating systems security.
2 hours, 55 minutes ago
Fred on Creating a list of Web sites on operating systems security.
3 hours, 4 minutes ago
OscarCP on Tell me the truth – Which is better, Chrome or Firefox?
3 hours, 5 minutes ago
anonymous on Tell me the truth – Which is better, Chrome or Firefox?
3 hours, 12 minutes ago
anonymous on Tell me the truth – Which is better, Chrome or Firefox?
3 hours, 12 minutes ago
anonymous on Microsoft updates its schedule for SHA-2 ‘critical’ Win7 update, now due in March
3 hours, 12 minutes ago
OscarCP on Creating a list of Web sites on operating systems security.
3 hours, 36 minutes ago
Fred on Creating a list of Web sites on operating systems security.
3 hours, 54 minutes ago
Lugh on Insert image.
4 hours, 2 minutes ago
Cybertooth on Creating a list of Web sites on operating systems security.
4 hours, 2 minutes ago
Fred on Creating a list of Web sites on operating systems security.
4 hours, 10 minutes ago
OscarCP on Tell me the truth – Which is better, Chrome or Firefox?
4 hours, 14 minutes ago
anonymous on Pssssst… I still don’t believe the part about Microsoft testing 20H1, then jumping back to 19H2
4 hours, 17 minutes ago

Recent Topics

Disable Firefox Experiments v60+
39 minutes ago
Mass Site Hacks Include 500px, StreetEasy etc. etc.
9 hours, 37 minutes ago
Tell me the truth – Which is better, Chrome or Firefox?
1 hour ago
Microsoft updates its schedule for SHA-2 ‘critical’ Win7 update, now due in March
11 hours, 48 minutes ago
New to AskWoody from Windows Secrets Lounge
4 hours, 57 minutes ago
Testing Image Importing and then Deleting Post
21 hours, 52 minutes ago
Creating a list of Web sites on operating systems security.
40 minutes ago
The Ultimate Malfunction/Windows Nervous Breakdowns
1 day, 4 hours ago
Outlook calendars make me crazy
1 day, 17 hours ago
Still no "Select File" Box??
12 hours, 2 minutes ago

Search for Topics

Recent blog posts

Links

Forums

Topics

5304

AskWoody Central

145

Suggestions about improvi

104

Tips for using the Lounge

30

Getting started

3

Outside the box

159

65

52

6

4

Rumors and what-ifs

26

The Junk Drawer

4

AskWoody support

1665

1193

569

Questions: Win10

259

Windows 10 beta builds

33

Windows 10 cumulative upd

10

Windows 10 version 1511 -

2

Windows 10 version 1703 -

32

Windows 10 version 1709 -

45

Windows 10 version 1607 -

5

Windows 10 version 1803 -

66

Windows 10 version 1809 -

29

55

Questions: Win 8.1 (and W

29

Windows 8.1 (and Win 8) p

17

451

Questions: Windows 7

273

Windows 7 patches

129

Windows Vista, XP and ear

10

Questions: Vista, XP back

2

Questions: Windows Mobile

4

Microsoft Office by versi

108

Questions: Microsoft Offi

25

Office 365 and Click-to-R

31

Office 2010 and earlier f

15

Office 2016 for PC

8

Office 2013 for PC

6

Office 2019 for PC

1

52

Questions: Microsoft Surf

7

Questions: What hardware

11

Questions: How to trouble

7

Questions - Maintenance a

1

Connected home / Internet

34

Questions: Amazon Echo/Al

3

Questions: Google Home

2

Questions: Microsoft Inte

2

Questions: Other home/IoT

15

Other platforms - for Win

153

Linux for Windows wonks

80

macOS for Windows wonks

31

iOS for Windows wonks

5

Android for Windows wonks

14

Chromebooks and ChromeOS

17

Questions: Browsers and d

120

Updates for browsers, app

34

Internet Explorer and Edg

0

1

Other desktop and Microso

0

Productivity software by

4

Word processing help

0

Spreadsheet help

0

0

Presentation apps

0

3

Graphics and Multimedia p

1

Visual Basic for Applicat

0

0

37

84

Code Red - Security/Privacy ad

194

Developers, developers, develo

32

Other MS software - .NET,

17

12

Web design and developmen

0

Admin IT Lounge

117

WSUS, SCCM, Exchange and

31

Managing updates in organ

2

Application servers - Exc

0

Tech Accessibility

17

3

Networking - routers, firewall

1

Social media - Tools, Configur

0