В Microsoft Exchange нашли 0-day уязвимость PrivExchange
https://xakep.ru/2019/01/29/privexchange/
+
Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
+
Exchange your privileges for Domain Admin privs by abusing Exchange
https://github.com/dirkjanm/privexchange/
https://xakep.ru/2019/01/29/privexchange/
+
Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
+
Exchange your privileges for Domain Admin privs by abusing Exchange
https://github.com/dirkjanm/privexchange/