
Rewterz Threat Advisory – Microsoft Exchange Server 2013 CU21 / 2019 / 2016 CU11 API call privilege escalation

SEVERITY: High

 

 

CATEGORY: Vulnerability

 

 

ANALYSIS SUMMARY

 

 

Microsoft Exchange could allow a local authenticated attacker to gain elevated privileges on the system, caused by high default privileges in the Active Directory domain. By using an API call, an attacker could exploit this vulnerability to become a Domain Admin. The Exchange Windows Permissions group has WriteDacl access on the domain object in Active Directory, which enables any member of this group to modify the domain privileges, among which is the privilege to perform DCSync operations.
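An audit check for the condition described above, added here as an example and not taken from the advisory or from Microsoft: it flags the WriteDacl grant to Exchange Windows Permissions on the domain object and any replication right (the rights DCSync relies on) held by an unexpected principal. The function name `Find-RiskyDomainAce`, the `$ExpectedReplicators` allow-list and the `CONTOSO` sample ACEs are assumptions constructed for illustration.

```powershell
# Added example: audit ACEs on the domain object for the escalation path in this advisory.
# Extended-right GUIDs for directory replication (the rights DCSync depends on).
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
}
# Assumption: principals expected to hold replication rights; adjust for your environment.
$ExpectedReplicators = 'Domain Controllers', 'Enterprise Domain Controllers',
                       'Enterprise Read-only Domain Controllers', 'Administrators'

function Find-RiskyDomainAce {
    param([Parameter(ValueFromPipeline)] $Ace)
    process {
        if ("$($Ace.AccessControlType)" -ne 'Allow') { return }
        $who    = "$($Ace.IdentityReference)"
        $rights = "$($Ace.ActiveDirectoryRights)"
        $guid   = "$($Ace.ObjectType)".ToLower()
        # GenericAll includes WriteDacl, so it is treated the same way.
        if ($rights -match 'WriteDacl|GenericAll' -and $who -like '*Exchange Windows Permissions') {
            [pscustomobject]@{ Principal = $who; Finding = 'Can rewrite the domain object DACL' }
        }
        elseif ($rights -match 'ExtendedRight' -and $ReplRights.ContainsKey($guid)) {
            $name = $who.Split('\')[-1]
            if ($ExpectedReplicators -notcontains $name) {
                [pscustomobject]@{ Principal = $who; Finding = "Unexpected $($ReplRights[$guid])" }
            }
        }
    }
}

# Constructed sample ACEs (CONTOSO is a placeholder), shaped like (Get-Acl ...).Access output.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Exchange Windows Permissions'
        ActiveDirectoryRights = 'WriteDacl'; AccessControlType = 'Allow'
        ObjectType = '00000000-0000-0000-0000-000000000000' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Domain Controllers'
        ActiveDirectoryRights = 'ExtendedRight'; AccessControlType = 'Allow'
        ObjectType = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\mailbox-user01'
        ActiveDirectoryRights = 'ExtendedRight'; AccessControlType = 'Allow'
        ObjectType = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' }
)
$sample | Find-RiskyDomainAce

# Against a live domain (requires the ActiveDirectory module):
# (Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access | Find-RiskyDomainAce
```

A replication right appearing for an ordinary account is worth investigating as a possible sign that the DACL has already been modified.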

 

 

 

 

IMPACT

 

 

Privilege Escalation

 

 

AFFECTED PRODUCTS

 

 

  • Microsoft Exchange Server 2013 CU21
  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016 CU11

 

 

REMEDIATION

 

 

The vendor has not released any updates for this vulnerability.