You’re an admin! You’re an admin! You’re all admins, thanks to this Microsoft Exchange zero-day and exploit

From theregister.co.uk

FromYou’re an admin! You’re an admin! You’re all admins, thanks to this Microsoft Exchange zero-day and exploit

Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.

On Thursday, Dirk-jan Mollema, a security researcher with Fox-IT in the Netherlands, published proof-of-concept code and an explanation of the attack, which involves the interplay of three separate issues.

According to Mollema, the primary problem is that Exchange has high privileges by default in the Active Directory domain.

“The Exchange Windows Permissions group has WriteDacl access on the Domain object in Active Directory, which enables any member of this group to modify the domain privileges, among which is the privilege to perform DCSync operations,” he explained in his post.