Source: myhack58 | Author: anonymous | ID: MYHACK58:62201992717
Published: Jan 24, 2019 - 12:00 a.m.

Exchange Server privilege escalation vulnerability alert

www.myhack58.com

EPSS: 0.029 (Low), percentile 90.8%

0x00 Vulnerability background
On November 13, 2018, MSRC published an elevation of privilege vulnerability in Exchange Server, numbered CVE-2018-8581. According to MSRC's description, an attacker who successfully exploits this vulnerability can gain control of any user of the Exchange Server. ZDI then published a blog post on December 19, 2018 disclosing the technical details of the vulnerability and how to exploit it; the effect achieved matches MSRC's description. Recently, foreign security researchers combined the vulnerability with domain attack techniques to produce a new exploitation method, and disclosed its technical details and exploit code on their blog. The new exploitation method can directly impact the domain controller, and the vendor has not yet released a corresponding patch, so the harm is serious. 360CERT recommends that users of Exchange Server apply the corresponding mitigation measures as soon as possible to protect against the vulnerability.

0x01 Affected versions
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019

0x02 Mitigation measures
The mitigation MSRC gives for the vulnerability is to delete the DisableLoopbackCheck value from the registry. Run the following command in a Command Prompt window with administrator privileges:
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableLoopbackCheck /f
The new exploitation method relies on an LDAP relay attack, which can be mitigated by enabling LDAP signing and LDAP channel binding. In addition, because the relay goes from HTTP to LDAP, enforcing SMB signing on the Exchange Server can also help mitigate it.
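
As an added example (not part of the original alert), the following read-only PowerShell script reports whether the mitigations listed above are in place. Apart from DisableLoopbackCheck, the registry value names used here (LDAPServerIntegrity, LdapEnforceChannelBinding, RequireSecuritySignature) are the standard Windows settings for LDAP signing, LDAP channel binding and SMB signing and do not appear in the alert; the LDAP checks only apply on a domain controller.

```powershell
# Added audit example: reads registry values only, changes nothing. Run elevated.
# Loopback and SMB checks are meant for the Exchange Server; the LDAP checks
# are meant for domain controllers (detected by the presence of the NTDS key).
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

$checks = @(
    # Absent (the result of the reg delete command) or 0 leaves the loopback check on.
    @{ Name = 'Loopback check enabled'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Value = 'DisableLoopbackCheck'; DcOnly = $false
       Ok = { param($v) $null -eq $v -or $v -eq 0 } },
    # 2 = domain controller requires LDAP signing.
    @{ Name = 'LDAP signing required'; Path = $ntds
       Value = 'LDAPServerIntegrity'; DcOnly = $true
       Ok = { param($v) $v -eq 2 } },
    # 2 = channel binding always enforced (1 = only when the client supports it).
    @{ Name = 'LDAP channel binding enforced'; Path = $ntds
       Value = 'LdapEnforceChannelBinding'; DcOnly = $true
       Ok = { param($v) $v -eq 2 } },
    # 1 = SMB server requires signing.
    @{ Name = 'SMB signing required'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Value = 'RequireSecuritySignature'; DcOnly = $false
       Ok = { param($v) $v -eq 1 } }
)

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    if (-not (Test-Path $Path)) { return $null }
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

foreach ($c in $checks) {
    $v = $null
    if ($c.DcOnly -and -not (Test-Path $ntds)) {
        $state = 'n/a (not a domain controller)'
    } else {
        $v = Get-RegValue $c.Path $c.Value
        $state = if (& $c.Ok $v) { 'OK' } else { 'REVIEW' }
    }
    [pscustomobject]@{
        Check = $c.Name
        Value = if ($null -eq $v) { '<absent>' } else { $v }
        State = $state
    }
}
```

Run it on both the Exchange Server and a domain controller; a REVIEW row means the corresponding mitigation from this section is not enforced on that host.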

0x03 Timeline
2018-11-13 MSRC discloses the vulnerability
2018-12-19 ZDI blog post discloses exploitation details
2019-01-21 Security researchers disclose a new exploitation method
2019-01-23 360CERT issues an early warning about the new exploitation method