Government of the Republic of Trinidad and Tobago                                                                                                                                        


TTCSIRT-214.062819: TT-CSIRT Advisory – Microsoft Security Updates

28th June 2019

Microsoft has released a security update stating that it has discovered a vulnerability in Microsoft Exchange 2013 which can allow a remote attacker to gain administrative privileges.

This is issue is caused due to one of the EWS API functions called PushSubscriptionRequest. This can be can be used to cause the Exchange server to connect to an arbitrary website. Connections made using the PushSubscriptionRequest function will attempt to negotiate with the arbitrary web server using NTLM authentication which is vulnerable to relay attacks.

Further information on this vulnerability and how it can be mitigated can be found on the Microsoft Website at