CVE-2019-0724

Published: 05/03/2019 Updated: 24/08/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 1000
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.

Vulnerable Product

microsoft exchange server 2016

microsoft exchange server 2010

microsoft exchange server 2013

microsoft exchange server 2019

Exploits

This module exploits a privilege escalation vulnerability found in Microsoft Exchange - CVE-2019-0724. Execution of the module will force Exchange to authenticate to an arbitrary URL over HTTP via the Exchange PushSubscription feature. This allows us to relay the NTLM authentication to a Domain Controller and authenticate with the pr ...

Metasploit Modules

Microsoft Exchange Privilege Escalation Exploit

This module exploits a privilege escalation vulnerability found in Microsoft Exchange - CVE-2019-0724. Execution of the module will force Exchange to authenticate to an arbitrary URL over HTTP via the Exchange PushSubscription feature. This allows us to relay the NTLM authentication to a Domain Controller and authenticate with the privileges that Exchange is configured with. The module is based on the work by @_dirkjan,

msf > use auxiliary/scanner/http/exchange_web_server_pushsubscription
msf auxiliary(exchange_web_server_pushsubscription) > show actions
    ...actions...
msf auxiliary(exchange_web_server_pushsubscription) > set ACTION < action-name >
msf auxiliary(exchange_web_server_pushsubscription) > show options
    ...show and set options...
msf auxiliary(exchange_web_server_pushsubscription) > run

Recent Articles

Microsoft Patch Tuesday – February 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 13 Feb 2024

This month the vendor has patched 74 vulnerabilities, 20 of which are rated Critical.

Posted: 13 Feb, 2019 | 22 Min Read

As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid hand...