The international coordination center for vulnerability disclosures has alerted about this critical error
The CERT Coordination Center (CERT/CC) has launched a vulnerability warning for Microsoft Exchange 2013 and later versions. According to network security and ethical hacking specialists from the International Institute of Cyber Security, the problem with Microsoft’s online service is a vulnerability to NTLM relay attacks.
The problem, which has not yet been patched and does not seem to have a practical solution, exists due to a flaw in the Microsoft Exchange software to set signature and stamp marks on NTLM authentication traffic. In line with network security specialists, remote attackers gain Exchange server privileges. This error is especially risky for Microsoft Exchange, as it provides broad default privileges.
“Exchange Server privileges obtained through this vulnerability can be used to obtain Domain Admin privileges for the domain containing the compromised Exchange server,” mentions the CERT/CC security alert.
Consequently, an attacker in possession of the credentials of an Exchange mailbox is also able to communicate with an Exchange Server and a Windows domain controller for domain Admin privileges. In addition, network security experts mention that completing this attack is possible even if the hacker does not have Exchange mailbox passwords.
The CERT/CC recommends two possible risk mitigations. The first is to disable EWS push/pull subscriptions; In addition, the user could delete the privileges that Exchange has in the domain object.