Microsoft Exchange vulnerable to ‘PrivExchange’ zero-day

Proof-of-concept tool lets attackers escalate a hacked inbox to admin on a company’s internal domain controller.

Microsoft Exchange 2013 and newer are vulnerable to a zero-day named “PrivExchange” that allows a remote attacker with just the credentials of a single lowly Exchange mailbox user to gain Domain Controller admin privileges with the help of a simple Python tool.
