Proof-of-Concept Code gives standard Microsoft Exchange users Domain Administrator Privileges

From tenable.com

Background

Previously documented protocol weaknesses and vulnerabilities in fully patched Microsoft Exchange are now in the spotlight due to publicly released proof-of-concept (POC) code. According to security researcher Dirk-Jan Mollema, this vulnerability: “Probably affects the majority of orgs using AD and Exchange.”

The POC code submitted to GitHub allows a standard Exchange user to gain Domain Administrator access to a fully patched Microsoft Exchange 2016 server and dump domain credentials from the Domain Controller.
