Vendor: Microsoft Exchange Server
By: Antonio Cuomo (arkantolo)
CVSS: 7.5 (HIGH)
CWE: 428 (Unquoted Service Path)
Product Name: Microsoft Exchange Server
Affected Version From: 15.0.847.40
Affected Version To: 15.0.847.40
Patch Exists: NO
Related CWE:
CPE: a:microsoft:exchange_server
Metasploit:
Other Scripts:
Platforms Tested: Microsoft Exchange Server 2013 SP1
2022

Microsoft Exchange Active Directory Topology 15.0.847.40 – ‘Service MSExchangeADTopology’ Unquoted Service Path

The Microsoft Exchange Active Directory Topology service (MSExchangeADTopology) in version 15.0.847.40 is registered with an unquoted service path: its binary path contains spaces and is not enclosed in quotation marks. An attacker with local access to the system can exploit this vulnerability to escalate privileges and execute arbitrary code.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security updates provided by Microsoft.

Exploit-DB raw data:

# Exploit Title: Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Exploit Date: 2022-04-11
# Vendor : Microsoft
# Version : 15.0.847.40
# Tested on OS: Microsoft Exchange Server 2013 SP1

#PoC :
==============

C:\>sc qc MSExchangeADTopology
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: MSExchangeADTopology
        TIPO                      : 10  WIN32_OWN_PROCESS
        TIPO_AVVIO                : 2   AUTO_START
        CONTROLLO_ERRORE          : 1   NORMAL
        NOME_PERCORSO_BINARIO     : C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe
        GRUPPO_ORDINE_CARICAMENTO : 
        TAG                       : 0
        NOME_VISUALIZZATO         : Microsoft Exchange Active Directory Topology
        DIPENDENZE                :
        SERVICE_START_NAME : LocalSystem
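
A defender-side check for the condition shown in the listing above, as an added example that is not part of the original advisory or the exploit author's code. It extracts the binary path from `sc qc` output by matching the value rather than the label (an assumption, so that localized output such as the Italian listing still parses); the function names are hypothetical and every sample except the page's own path is constructed.

```python
import re

# Value of a "LABEL : value" line that starts like a Windows path. Matching on
# the value instead of the label keeps this working on localized sc output.
_PATH_LINE = re.compile(r'^\s*\S+\s*:\s*("?[A-Za-z]:\\.*?)\s*$')
# Shortest leading run that ends in .exe and is followed by arguments or nothing.
_EXE = re.compile(r'^(.+?\.exe)(\s.*)?$', re.IGNORECASE)

def binary_path_from_sc_qc(output):
    """Return the binary path value found in `sc qc` output, or None."""
    for line in output.splitlines():
        m = _PATH_LINE.match(line)
        if m:
            return m.group(1)
    return None

def audit_image_path(value):
    """Return (status, quoted_form) for a service binary path value."""
    value = value.strip()
    if value.startswith('"'):
        return ("quoted", value)          # already quoted, nothing to do
    m = _EXE.match(value)
    if not m:
        return ("unparsed", value)        # e.g. driver paths; review by hand
    exe, args = m.group(1), m.group(2) or ""
    if " " not in exe:
        return ("no-spaces", value)       # unquoted but unambiguous
    return ("unquoted", '"' + exe + '"' + args)

# sc qc output as shown on this page (Italian locale), trimmed to three lines.
PAGE_OUTPUT = r"""
NOME_SERVIZIO: MSExchangeADTopology
        TIPO_AVVIO                : 2   AUTO_START
        NOME_PERCORSO_BINARIO     : C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe
"""
# Constructed values covering the other cases.
SAMPLES = [
    r'"C:\Program Files\Example\svc.exe" -k run',
    r'C:\Windows\System32\svchost.exe -k netsvcs',
    r'C:\Program Files\Example App\agent.exe --service',
]

if __name__ == "__main__":
    for v in [binary_path_from_sc_qc(PAGE_OUTPUT)] + SAMPLES:
        status, fixed = audit_image_path(v)
        print(f"{status:10} {v}")
        if status == "unquoted":
            print(f"{'':10} quoted form: {fixed}")
```

The quoted form it prints is the value the service's binary path would need in order to be unambiguous.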