![]() While no particular details were provided, Microsoft did provide a script to audit your Exchange server for mail items that might be being used to exploit the issue. ![]() Having recently given a talk on leveraging NTLM relaying during red team engagements at FiestaCon, this vulnerability particularly stood out to me and warranted further analysis. However, no specific details were provided on how to exploit the vulnerability.Īt MDSec, we’re continually looking to weaponise both private and public vulnerabilities to assist us during our red team operations. Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. The vulnerability is described as follows: Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |