Vendor: Microsoft Exchange Active Directory Topology
By: Milad Karimi (Ex3ptionaL)
CVSS: 7.5 (HIGH)
Unquoted Service Path
CWE: 426
Product Name: Microsoft Exchange Active Directory Topology
Affected Version From: 15.02.1118.007
Affected Version To: 15.02.1118.007
Patch Exists: NO
Related CWE:
CPE: a:microsoft:exchange_server:15.02.1118.007
Metasploit:
Other Scripts:
Platforms Tested: Microsoft Exchange Server 2019 CU12
2023

Microsoft Exchange Active Directory Topology 15.02.1118.007 – ‘Service MSExchangeADTopology’ Unquoted Service Path

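The 'Service MSExchangeADTopology' in Microsoft Exchange Active Directory Topology version 15.02.1118.007 has an unquoted service path vulnerability: the service's binary path contains spaces and is not enclosed in quotation marks, so Windows may resolve it to an executable at a shorter, space-truncated path before it reaches the legitimate binary. This allows an attacker with local access to escalate privileges by placing a malicious executable in a directory higher in the search order than the legitimate executable, provided the attacker can write to that directory.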

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of Microsoft Exchange Active Directory Topology.

Exploit-DB raw data:

# Exploit Title: Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Exploit Date: 2023-01-18
# Vendor : Microsoft
# Version : 15.02.1118.007
# Tested on OS: Microsoft Exchange Server 2019 CU12

#PoC :
==============

C:\>sc qc MSExchangeADTopology
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: MSExchangeADTopology
        TIPO                      : 10  WIN32_OWN_PROCESS
        TIPO_AVVIO                : 2   AUTO_START
        CONTROLLO_ERRORE          : 1   NORMAL
        NOME_PERCORSO_BINARIO     : C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe
        GRUPPO_ORDINE_CARICAMENTO : 
        TAG                       : 0
        NOME_VISUALIZZATO         : Microsoft Exchange Active Directory Topology
        DIPENDENZE                :
        SERVICE_START_NAME : LocalSystem
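
An audit helper for the finding above, added here as an example and not part of the original advisory or of any Microsoft tooling: it reads `sc qc` text (English or the Italian labels shown in the output), reports which directories' write permissions decide whether the unquoted path is actually exploitable, and produces the quoted command line to set as the fix. The function names are hypothetical and the sample is constructed from the output on this page.

```python
import ntpath
import re

# Labels sc.exe prints for the image path: English, plus the Italian one from the output above.
PATH_LABELS = ("BINARY_PATH_NAME", "NOME_PERCORSO_BINARIO")

# Constructed sample: selected lines of the `sc qc` output quoted on this page.
SAMPLE = r"""
NOME_SERVIZIO: MSExchangeADTopology
        TIPO_AVVIO                : 2   AUTO_START
        NOME_PERCORSO_BINARIO     : C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_output):
    """Return the service command line from `sc qc` text, or None."""
    for line in sc_output.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.strip() in PATH_LABELS:
            return value.strip()
    return None

def split_image(command_line):
    """Return (image_path, was_quoted) for a service command line."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end != -1 else cmd[1:]), True
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd), False

def ambiguous_candidates(command_line):
    """Space-truncated paths Windows tries before the real image (empty if safe)."""
    image, quoted = split_image(command_line)
    if quoted or " " not in image:
        return []
    parts = image.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def dirs_to_review(command_line):
    """Directories whose write ACLs decide whether the finding is exploitable."""
    return [ntpath.dirname(c) for c in ambiguous_candidates(command_line)]

def quoted_form(command_line):
    """Remediated command line: image path wrapped in quotes, arguments kept."""
    image, quoted = split_image(command_line)
    cmd = command_line.strip()
    return cmd if quoted else f'"{image}"{cmd[len(image):]}'

if __name__ == "__main__":
    cmd = binary_path(SAMPLE)
    print(dirs_to_review(cmd), quoted_form(cmd), sep="\n")
```

For the service on this page the directories to review are `C:\` and `C:\Program Files\Microsoft`; if only administrators can write there, the unquoted path is a hardening gap rather than a usable escalation route.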