STEALTHbits mitigates new Microsoft Exchange Server Vuln that gives any user Domain Admin privileges

February 9, 2019

Featured article by Peter Kelley, the Kelley Group Two

STEALTHbits Technologies has announced mitigation capabilities for the recently-discovered* Microsoft Exchange privilege escalation attack that lets any user become a Domain Admin, and is making its solutions available as a free trial for 30 days upon registration and request.

Darin Pendergraft, VP of Product Marketing with STEALTHbits Technologies, said: “Attackers have figured out a way to trick Microsoft Exchange into sending its login information. If an attacker sends a specific type of command, the Exchange server responds with its login. The attacker records and then forwards that login to the Active Directory system. Active Directory then thinks the attacker is the Exchange server, which has a lot of powerful privileges on the system.

“Now logged in as the Exchange server, the attacker can request password information from Active Directory in order to take over other accounts and to steal or encrypt data.”

The attack was first reported by researcher Dirk-jan Mollema in late January. It combines known vulns to achieve privilege escalation and attack Active Directory through three steps:

1. An attacker sends a request to Exchange that causes Exchange to respond with an NTLM authentication request over HTTP;

2. Exchange responds, and because NTLM is susceptible to man-in-the-middle relay attacks, all the attacker has to do is forward the authentication request to Active Directory;

3. Active Directory thinks the attacker’s machine is Exchange and treats it with the privileges that Exchange normally has. The attacker is able to create new admin accounts or modify privileges, and use hacker toolkits like Mimikatz to perform a DCSync attack and obtain password hashes for any account in the domain. From there, the attacker can pretty much do anything they want to do.

“This is where STEALTHbits’ mitigation can help by detecting and blocking unusual login activity, watching for the creation of new admin accounts, and preventing the attacker from requesting password information from Active Directory,” Pendergraft said.
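One way to watch for the DCSync step described above, as an added example that is not from the original article and is not STEALTHbits' product logic: it scans Windows Security event 4662 records for directory-replication rights exercised by an account that is not an approved replicator. The event dictionaries, host names and account names are constructed sample data, and the check assumes directory service access auditing is enabled on the domain controllers.

```python
import re

# Control-access-right GUIDs that DCSync-style replication requests exercise.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")


def find_dcsync_suspects(events, allowed_replicators):
    """Return alerts for 4662 events where a non-approved account used replication rights.

    allowed_replicators: domain controller machine accounts plus any service
    account that legitimately replicates (for example a directory sync account).
    """
    allowed = {name.rstrip("$").lower() for name in allowed_replicators}
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        guids = {g.lower() for g in GUID_RE.findall(ev.get("Properties", ""))}
        rights = sorted(REPLICATION_RIGHTS[g] for g in guids if g in REPLICATION_RIGHTS)
        if not rights:
            continue  # ordinary directory object access
        subject = ev.get("SubjectUserName", "")
        if subject.rstrip("$").lower() in allowed:
            continue  # expected DC-to-DC replication
        alerts.append({"time": ev.get("TimeCreated"), "subject": subject, "rights": rights})
    return alerts


# Constructed sample events (not real logs); all names are hypothetical.
DOMAIN_OBJ = "{19195a5b-6da0-11d0-afd3-00c04fd930c9}"
SAMPLE_EVENTS = [
    {"EventID": 4662, "TimeCreated": "2019-02-09T10:00:01Z", "SubjectUserName": "DC01$",
     "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} " + DOMAIN_OBJ},
    {"EventID": 4662, "TimeCreated": "2019-02-09T10:07:42Z", "SubjectUserName": "jsmith",
     "Properties": "%%7688 {1131F6AD-9C07-11D1-F79F-00C04FC2DCD2} " + DOMAIN_OBJ},
    {"EventID": 4662, "TimeCreated": "2019-02-09T10:08:10Z", "SubjectUserName": "jsmith",
     "Properties": "%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 4624, "TimeCreated": "2019-02-09T10:09:00Z", "SubjectUserName": "EXCH01$"},
]

if __name__ == "__main__":
    for alert in find_dcsync_suspects(SAMPLE_EVENTS, ["DC01$", "DC02$"]):
        print(alert)
```

Any account that appears in the output without being an approved replicator warrants review of how it obtained replication rights on the domain object.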

To register for the STEALTHbits free trial, go to: STEALTHbits mitigates a new vulnerability that uses Exchange Authentication to gain AD Admin privileges

About the Author

Peter Kelley is a technology writer and mid-century modern design fan with The Kelley Group Two.
