Microsoft Exchange Server and Windows DHCP Server Vulnerabilities Alert

Microsoft released a routine security update that fixes multiple vulnerabilities in products such as Internet Explorer, Microsoft Edge, Microsoft Office, and Microsoft Exchange Server. This security update resolves the previous “PrivExchange” issue. The CVE-2018-8581 Microsoft Exchange Server privilege elevation vulnerability in November 2018 was fundamentally resolved in this patch. In the February Patch Tuesday, Microsoft fixed 77 vulnerabilities. The CVE-2019-0686, CVE-2019-0724 (Microsoft Exchange Server Elevation of Privilege Vulnerability) and CVE-2019-0626 (Windows DHCP Server Remote Code Execution Vulnerability) in this announcement have a wide range of impacts. So the system admins need a high degree of attention.

Microsoft November Patch Tuesday

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2019-0686

An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users.

Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user.

CVE-2019-0724

An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator.

Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Active Directory domain controller, thereby facilitating gaining of increased privileges on the domain controller.

Affected version

  • Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 26
  • Microsoft Exchange Server 2013 Cumulative Update 22
  • Microsoft Exchange Server 2016 Cumulative Update 12
  • Microsoft Exchange Server 2019 Cumulative Update 1

Solution

Download and install February Patch Tuesday.

Windows DHCP Server Remote Code Execution Vulnerability

CVE-2019-0626

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server.

To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server.

Affected version

All Windows versions

Solution