Exchange Dangerous Misconfigurations

high

Description

In 2021, a Google researcher disclosed CVE-2021-34470, an elevation-of-privilege vulnerability in the Active Directory (AD) schema extensions that Microsoft Exchange Server installs. Exchange setup adds the msExchStorageGroup object class and gives it an overly permissive possSuperiors value: the computer class is listed as an allowed parent. Any principal with create-child rights on a computer object (for instance the creator of a machine account added under the default ms-DS-MachineAccountQuota) can therefore create an msExchStorageGroup object beneath that computer and, below it, a subtree of arbitrary AD objects, including users and groups, that the attacker owns and that sit outside every delegated OU. Because the weakness lives in the forest schema rather than in Exchange binaries, it remains exploitable after Exchange has been decommissioned, until the schema itself is corrected.

Solution

A few Exchange schema settings decide which objects may be created where across the whole forest, so they must be configured precisely. The fix for this indicator is to remove the computer class from the possSuperiors attribute of CN=ms-Exch-Storage-Group in the schema partition, which is what Microsoft's schema update does: install an Exchange cumulative or security update from July 2021 or later that carries the corrected schema and run Setup.exe /PrepareSchema so the change reaches the forest, or, in forests where Exchange has been removed, run Microsoft's Test-CVE-2021-34470.ps1 script from the CSS-Exchange repository with -ApplyFix. Schema changes must be made against the schema master by a member of Schema Admins. Afterwards, verify the attribute directly with an LDAP query rather than trusting the update log, and review the domain partitions for msExchStorageGroup objects parented by computer objects, which are an artifact of exploitation (legitimate instances live only in the Configuration partition under the Exchange server objects).
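The following PowerShell script is an added example and is neither Tenable's indicator logic nor Microsoft's Test-CVE-2021-34470.ps1. It audits the forest for the condition described above in three steps: it reads possSuperiors and systemPossSuperiors on the ms-Exch-Storage-Group schema class from the schema master, hunts the domain partitions for msExchStorageGroup objects (flagging those whose parent is a computer object), and with -Fix removes the 'computer' value from possSuperiors. It assumes the RSAT ActiveDirectory module is installed; -Fix additionally assumes the caller is in Schema Admins, and the script's output format is its own.

```powershell
<#
  Added example (not Tenable's or Microsoft's code): audits a forest for the
  CVE-2021-34470 schema weakness and for objects created by abusing it.
  Assumes the RSAT ActiveDirectory module; -Fix assumes Schema Admins rights,
  since the write goes to the schema master.
#>
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Fix)

Import-Module ActiveDirectory -ErrorAction Stop

$forest       = Get-ADForest
$schemaMaster = $forest.SchemaMaster
$schemaNc     = (Get-ADRootDSE -Server $schemaMaster).schemaNamingContext
$classDn      = "CN=ms-Exch-Storage-Group,$schemaNc"

# --- 1. Schema check: is 'computer' still an allowed parent of msExchStorageGroup? ---
$class = Get-ADObject -Identity $classDn -Server $schemaMaster `
             -Properties lDAPDisplayName, possSuperiors, systemPossSuperiors -ErrorAction SilentlyContinue
if (-not $class) {
    Write-Output "Class ms-Exch-Storage-Group not found in $schemaNc; Exchange never extended this schema, nothing to fix."
    return
}

$vulnerable = ($class.possSuperiors -contains 'computer')
Write-Output ("possSuperiors       : " + ($class.possSuperiors -join ', '))
Write-Output ("systemPossSuperiors : " + ($class.systemPossSuperiors -join ', '))
Write-Output ("CVE-2021-34470      : " + $(if ($vulnerable) { 'VULNERABLE (computer is a possible superior)' } else { 'fixed' }))

# --- 2. Abuse hunt: legitimate msExchStorageGroup objects live only in the Configuration NC ---
# (under the Exchange server objects), so any instance found in a domain partition is
# suspicious, and one parented by a computer object matches the exploitation pattern.
$parentRegex = '^CN=(?:[^,\\]|\\.)+,'   # strips the leaf RDN while honouring escaped commas
foreach ($domain in $forest.Domains) {
    Get-ADObject -Server $domain -LDAPFilter '(objectClass=msExchStorageGroup)' -Properties whenCreated |
        ForEach-Object {
            $parentDn    = $_.DistinguishedName -replace $parentRegex, ''
            $parent      = Get-ADObject -Identity $parentDn -Server $domain
            # Subtree search includes the base object itself, hence the -1.
            $descendants = @(Get-ADObject -Server $domain -SearchBase $_.DistinguishedName -SearchScope Subtree -Filter *).Count - 1
            [pscustomobject]@{
                Domain      = $domain
                Object      = $_.DistinguishedName
                Created     = $_.whenCreated
                ParentClass = $parent.ObjectClass
                Descendants = $descendants
                Verdict     = $(if ($parent.ObjectClass -eq 'computer') { 'INVESTIGATE: storage group under a computer object' } else { 'review: outside Configuration NC' })
            }
        }
}

# --- 3. Fix: drop the offending value from possSuperiors on the schema master ---
if ($Fix -and $vulnerable) {
    if ($PSCmdlet.ShouldProcess($classDn, "Remove 'computer' from possSuperiors via $schemaMaster")) {
        Set-ADObject -Identity $classDn -Server $schemaMaster -Remove @{ possSuperiors = 'computer' }
        # Domain controllers reload their schema cache within a few minutes;
        # re-run the script without -Fix afterwards to confirm the value is gone.
    }
}
```

Run it without switches first to get the report; `-Fix -WhatIf` shows the exact schema write before `-Fix` performs it. Anything step 2 lists under a computer object deserves an incident-response look at the whole subtree (who created the computer account, and which users or groups now live beneath it) before the objects are deleted.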

See Also

Exchange - AD Schema Misconfiguration Elevation of Privilege

Microsoft CSS-Exchange: Test-CVE-2021-34470.ps1

Indicator Details

Name: Exchange Dangerous Misconfigurations

Codename: C-EXCHANGE-MISCONFIG

Severity: High

Type: Active Directory Indicator of Exposure

MITRE ATT&CK Information:

Attacker Known Tools

Google researcher: poc_exchange_schema.ps1