STEALTHbits mitigates new Microsoft Exchange Server Vuln that gives any user Domain Admin privileges

February 9, 2019 No Comments

Featured article by Peter Kelley, the Kelley Group Two

STEALTHbits Technologies has announced mitigation capabilities for the recently discovered Microsoft Exchange privilege escalation attack that lets any user become a Domain Admin, and is making its solutions available as a free trial for 30 days upon registration and request.

Darin Pendergraft, VP of Product Marketing with STEALTHbits Technologies, said: “Attackers have figured out a way to trick Microsoft Exchange into sending its login information. If an attacker sends a specific type of command, the Exchange server responds with its login. The attacker records and then forwards that login to the Active Directory system. Active Directory then thinks the attacker is the Exchange server, which has a lot of powerful privileges on the system.

“Now logged in as the Exchange server, the attacker can request password information from Active Directory in order to take over other accounts and to steal or encrypt data.”

The attack was first reported by researcher Dirk-jan Mollema in late January. It combines known vulnerabilities to achieve privilege escalation and attack Active Directory through three steps:

1. An attacker sends a request to Exchange that causes Exchange to respond with an NTLM authentication request over HTTP;

2. Exchange responds, and because NTLM is susceptible to man-in-the-middle relay attacks, all the attacker has to do is forward the authentication request to Active Directory;

3. Active Directory thinks the attacker’s machine is Exchange and treats it with the privileges that Exchange normally has. The attacker is able to create new admin accounts or modify privileges, and can use hacker toolkits like Mimikatz to perform a DCSync attack and obtain password hashes for any account in the domain. From there, the attacker can pretty much do anything they want to do.

“This is where STEALTHbits’ mitigation can help by detecting and blocking unusual login activity, watching for the creation of new admin accounts, and preventing the attacker from requesting password information from Active Directory,” Pendergraft said.
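As an added example (not from the article or from STEALTHbits), the two outcomes named in the last step, new admin membership and a DCSync, can be triaged from domain controller Security events: 4662 carrying the directory-replication extended-right GUIDs from an account that is not a DC, and 4728/4732/4756 adding a member to a privileged group. The event records, host names and account names below are constructed, and directory service access auditing is assumed to be enabled.

```python
# Added example: triage of DC Security events for the outcomes of the relay attack.
# All hosts, accounts and events are constructed for illustration.

# Extended rights used by directory replication (what DCSync requests).
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
PRIV_GROUPS = {"domain admins", "enterprise admins", "administrators"}
GROUP_ADD_IDS = {4728, 4732, 4756}  # member added: global / local / universal group


def triage(events, dc_accounts):
    """Return (event_id, actor, reason) tuples for suspicious events."""
    dcs = {a.lower() for a in dc_accounts}
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        actor = ev.get("SubjectUserName", "")
        if eid == 4662:
            props = ev.get("Properties", "").lower()
            used = sorted(n for g, n in REPL_RIGHTS.items() if g in props)
            # DCs replicate with each other constantly; any other caller is suspect.
            if used and actor.lower() not in dcs:
                alerts.append((eid, actor, "replication by non-DC: " + ", ".join(used)))
        elif eid in GROUP_ADD_IDS:
            group = ev.get("TargetUserName", "")
            if group.lower() in PRIV_GROUPS:
                member = ev.get("MemberName", "?")
                alerts.append((eid, actor, f"{member} added to {group}"))
    return alerts


SAMPLE_EVENTS = [  # constructed
    {"EventID": 4662, "SubjectUserName": "DC01$",
     "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "jsmith",
     "Properties": "%%7688 {1131F6AD-9C07-11D1-F79F-00C04FC2DCD2}"},
    {"EventID": 4728, "SubjectUserName": "EXCH01$",
     "TargetUserName": "Domain Admins", "MemberName": "CN=newadmin,CN=Users"},
    {"EventID": 4728, "SubjectUserName": "helpdesk1",
     "TargetUserName": "Printer Operators 2", "MemberName": "CN=temp,CN=Users"},
    {"EventID": 4624, "SubjectUserName": "jsmith"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS, {"DC01$", "DC02$"}):
        print(alert)
```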

To register for the STEALTHbits free trial, go to: STEALTHbits mitigates a new vulnerability that uses Exchange Authentication to gain AD Admin privileges

 About the Author

Peter Kelley is a technology writer and mid-century modern design fan with The Kelley Group Two.
