New Microsoft Exchange Vulnerability Exposes Domain Admin Privileges: Here’s What to Do

Microsoft NTLM

Last week, the CERT Coordination Center (CERT/CC) issued a vulnerability note warning versions of Microsoft Exchange 2013 and newer are vulnerable to an NTLM relay attack that allows for attackers to gain domain admin privileges. Organizations that rely on Microsoft Exchange are currently at risk of a serious data breach. This attack is particularly concerning given that it obtains privileges to the domain controller, which is essentially the “keys to the kingdom.” We’ve simplified some of the specifics of this attack for the purposes of this blog, but for a full technical breakdown, please see research from Dirk-jan Mollema.