
The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator.
Microsoft acknowledged that an elevation-of-privilege flaw in its Exchange Server could allow a remote attacker with a simple mailbox account to gain administrator privileges.
Both a Microsoft advisory and a US-CERT alert were issued on Tuesday warning users of the elevation-of-privilege flaw, dubbed “PrivExchange,” which has a “high severity” CVSS score of 8.3. The flaw exists due to a perfect storm of default settings in Microsoft Exchange Server, the mail and calendaring server that runs on Windows Server operating systems. According to Microsoft, Exchange 2013 and newer versions are impacted.
For more details:
https://threatpost.com/microsoft-confirms-serious-privexchange-vulnerability/141553/