Shulou(Shulou.com)06/02 Report--

Among the vulnerabilities recently released by Microsoft, we can see the description of "CVE-2018-8581 | Microsoft Exchange Server privilege escalation vulnerability". The release link is https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2018-8581, so the solution to this problem is also pointed out in the document that can be solved by the following methods:

There is a registry key named HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Control\ Lsa. If this registry key is deleted, the vulnerability described in CVE-2018-8581 cannot be exploited.

To delete the registry key, type the following command in the promoted CMD window:

Reg delete HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Control\ Lsa / v DisableLoopbackCheck / f

After deleting this registry key, there is no need to restart the operating system or Exchange Server.

Of course, there is no practical use after the actual test, and the vulnerability can continue to be exploited after deletion!

Until 2019-01-03, Microsoft added another update to this vulnerability description, referring to the following:

The FAQ was updated to clarify that the registry value should be deleted rather than the registry key. This is an informational change only.

According to this description, we only need to clear the DisableLoopbackCheck value, not delete it! After testing, when the DisableLoopbackCheck value is cleared, the value is changed to 0, and the privilege cannot be elevated through the script test.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.