We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hey,
I noticed that this ACE here in my lab environment:
ObjectDN : CN=AdminSDHolder,CN=System,DC=external,DC=local InheritedObject : Computer Object : Alt-Security-Identities ActiveDirectoryRights : WriteProperty InheritanceType : All ObjectType : 00fbf30c-91fe-11d1-aebc-0000f80367c1 InheritedObjectType : bf967a86-0de6-11d0-a285-00aa003049e2 ObjectFlags : ObjectAceTypePresent, InheritedObjectAceTypePresent AccessControlType : Deny IdentityReference : EXTERNAL\Exchange Trusted Subsystem IsInherited : False InheritanceFlags : ContainerInherit PropagationFlags : None
There is an identical ACE on the domain head object. So the attack is now limited to users which are not protected by AdminSDHolder.
I can't find any information from Microsoft regarding when/how they added that. The only thing I could find was this comment on reddit: https://www.reddit.com/r/exchangeserver/comments/m0bafh/exchange_2016_cu19_ad_permission_change/
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hey,
I noticed that this ACE here in my lab environment:
There is an identical ACE on the domain head object. So the attack is now limited to users which are not protected by AdminSDHolder.
I can't find any information from Microsoft regarding when/how they added that. The only thing I could find was this comment on reddit: https://www.reddit.com/r/exchangeserver/comments/m0bafh/exchange_2016_cu19_ad_permission_change/
The text was updated successfully, but these errors were encountered: