Blog Archives

Exchange Server elevation of privilege bug acknowledged

Posted on February 6th, 2019 at 12:04 woody Comment on the AskWoody Lounge

Remember the 0day exploit in Microsoft Exchange that we talked about two weeks ago?

As I suspected, your Exchange Server is only vulnerable to a man-in-the-middle attack. It isn’t an all-purpose attack: The miscreant has to be able to sit in the middle of an interaction with the Server.

Microsoft finally has an explanation in ADV190007 | Guidance for “PrivExchange” Elevation of Privilege Vulnerability.

A planned update is in development. If you determine that your system is at high risk then you should evaluate the proposed workaround.

The workaround is a one-line PowerShell script that @b talked about last week.

Windows Patches/Security 0day, Exchange Server, PrivExchange

Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership

Search The Lounge

Recent Replies

southieguy on How do I enable VBScript?
southieguy on How do I enable VBScript?
PKCano on AVG Free Upgrade in 2019
PKCano on Glacially slow at low resource utilization
Microfix on Glacially slow at low resource utilization
Alex5723 on Glacially slow at low resource utilization
Lars220 on Another re-release of the Win10 1809 installation fix KB 4506578 – appears to be metadata related
EP on August 2019 Security patches: It’s a biiiiiiiiig month
woody on Discounted Windows 10 vendors
EP on Symantec fixes the SHA-2 patch problem for Win7
woody on Another re-release of the Win10 1809 installation fix KB 4506578 – appears to be metadata related
EP on Symantec fixes the SHA-2 patch problem for Win7
EP on Discounted Windows 10 vendors
Microfix on Another re-release of the Win10 1809 installation fix KB 4506578 – appears to be metadata related
anonymous on How do I enable VBScript?
MrJimPhelps on After 6 months I've weeded it down to 2, Tell me which one is the Winner.
anonymous on How do I enable VBScript?
Razz on August 2019 Security patches: It’s a biiiiiiiiig month
southieguy on How do I enable VBScript?
anonymous on How do I enable VBScript?

Recent Topics

More Surface Pro battery blues: Thurrott quoting Barb Bowman
33 minutes ago
Another re-release of the Win10 1809 installation fix KB 4506578 – appears to be metadata related
43 minutes ago
Glacially slow at low resource utilization
16 minutes ago
Microsoft’s Skype Is Breaking Down Its Users
4 hours, 9 minutes ago
AVG Free Upgrade in 2019
13 minutes ago
After 6 months I've weeded it down to 2, Tell me which one is the Winner.
1 hour, 33 minutes ago
Steam Client Zero-Day Disclosed
21 hours, 39 minutes ago
Restart cannot see 2nd hard drive
10 hours, 14 minutes ago
Microsoft re-issues the Win7 VB/VBA/VBScript fixing patch KB 4517297
2 hours, 16 minutes ago
Chromebook expiration dates
6 hours, 14 minutes ago
1903 Controlled Folder Access Broken?
1 day, 6 hours ago
Report: The new .NET updates break Veritas Backup Exec
23 hours, 47 minutes ago

Search for Topics

Recent blog posts

[slider_widget_show]