The ball was revealed with a big hole in security, exactly what it means, actually what the bulk of the servers running Microsoft Exchange 2013 and higher have all the chances to be hacked in order to allow the offenders the full rights of the administrator of the domain controller, allowing them to make an account on the server and motivated all the way out and retreat at will.

All that is necessary for the PrivExchange attack is the address of the e-mail and the password of the user of the mailbox, and in some cases including not it.

Hackers are ready to compromise the server, using a combination of 3 vulnerabilities that:

1. Microsoft Exchange servers have the function of Exchange Web Services (EWS), which the villains have a chance to apply for the test of the authenticity of the Exchange servers on the website controlled by the attacker, with support for account the computer Exchange server.
2. This authentication test is performed with support for NTLM hashes sent over HTTP, and the Exchange server is not yet able to enter the character and print flags for the NTLM operation, which actually prepares the NTLM authentication test vulnerable to relay attacks and allows the villain to get the NTLM hash of the Exchange server (the password of the Windows computer account).
3. Microsoft Exchange servers specified by default, with access to almost all transactions with the superior advantages of actually what it means, actually what the offender has the opportunity to use not long ago hacked the account of the Exchange server computer in order to access the admin on the domain controller of the company, in fact that gives them the chance to make more accounts backdoor on request.

The hack works on fully patched Windows servers, and a real-time patch is not available.