History
2017 - Researchers Andy Robbins and Will Schroeder highlighted issues with Exchange permissions in a document "Designing Active Directory DACL Backdoors".
2018.04.26 - Rindert Kramer and Dirk-jan Mollema at published an article "Escalating privileges with ACLs in Active Directory".
2018.11.13 - Microsoft published "CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability".2018.04.26 - Rindert Kramer and Dirk-jan Mollema at published an article "Escalating privileges with ACLs in Active Directory".
2018.12.19.12 - The ZDI published article "AN INSINCERE FORM OF FLATTERY: IMPERSONATING USERS ON MICROSOFT EXCHANGE" with exploit for CVE-2018-8581.
2019.01.21 - Hacker Dirk-jan Mollema published the PoC "Abusing Exchange: One API call away from Domain Admin".
2019.01.28 - CERT Coordination Center published vulnerability note VU#465632 "Microsoft Exchange server 2013 and newer are vulnerable to NTLM relay attacks".
2019.02.05 - Microsoft published "ADV190007 | Guidance for "PrivExchange" Elevation of Privilege Vulnerability"
2019.02.12 - Microsoft published articles "CVE-2019-0686 | Microsoft Exchange Server Elevation of Privilege Vulnerability" and "CVE-2019-0724 | Microsoft Exchange Server Elevation of Privilege Vulnerability"
2019.02.12 - Microsoft published "February 2019 Quarterly Exchange Updates" with patches for all related vulnerabilities.