tsellers-r7 (4)

Last Login: April 14, 2020
Assessments: 1
Score: 4

tsellers-r7's Contributions (1)

Technical Analysis

Discovery Notes

You can determine the version of Microsoft Exchange that the Client Access Servers (CAS) are running prior to authentication. Visit the OWA login page (https://owa.probablyunpatched.com/owa/auth/logon.aspx) and view the source.

@font-face {
    font-family: "Segoe UI WPC";
    src: url("/owa/auth/15.0.1210/themes/resources/segoeui-regular.eot?#iefix") format("embedded-opentype"),
            url("/owa/auth/15.0.1210/themes/resources/segoeui-regular.ttf") format("truetype");
}

@font-face {
    font-family: "Segoe UI WPC Semilight";
    src: url("/owa/auth/15.0.1210/themes/resources/segoeui-semilight.eot?#iefix") format("embedded-opentype"),
        url("/owa/auth/15.0.1210/themes/resources/segoeui-semilight.ttf") format("truetype");
}

@font-face {
    font-family: "Segoe UI WPC Semibold";
    src: url("/owa/auth/15.0.1210/themes/resources/segoeui-semibold.eot?#iefix") format("embedded-opentype"),
        url("/owa/auth/15.0.1210/themes/resources/segoeui-semibold.ttf") format("truetype");
}

The versions there can be compared to the Exchange build lookup list provided by Microsoft:
https://docs.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019

The following Exchange versions may be safe. Microsoft isn’t consistently updating the build number as part of the update installation process. Anything newer is probably patched.

| Exchange Release | Build Number |
|---|---|
| Microsoft Exchange Server 2019 Cumulative Update 4 + hotfix | 15.2.529.xxx |
| Microsoft Exchange Server 2019 Cumulative Update 3 + hotfix | 15.2.464.xxx |
| Microsoft Exchange Server 2016 Cumulative Update 16 + hotfix | 15.1.1979.xxx |
| Microsoft Exchange Server 2016 Cumulative Update 15 + hotfix | 15.1.1913.xxx |
| Microsoft Exchange Server 2016 Cumulative Update 14 + hotfix | 15.1.1847.xxx |
| Microsoft Exchange Server 2013 Cumulative Update 23 + hotfix | 15.0.1497.xxx |
| Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30 | 14.3.496.xxx |

Any version that matches or is older than those listed below is definitely vulnerable.

| Exchange Release | Build Number |
|---|---|
| Microsoft Exchange Server 2019 Cumulative Update 2 | 15.2.397.3 |
| Microsoft Exchange Server 2016 Cumulative Update 14 | 15.1.1779.2 |
| Microsoft Exchange Server 2013 Cumulative Update 22 | 15.0.1473.3 |
| Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 29 | 14.3.487.0 |
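
For auditing your own Exchange fleet, the check described in the assessment above can be scripted. This is an added example, not part of the original post: it parses saved OWA login page source, pulls the build from the resource paths, and sorts it into the post's buckets. The function names, the sample source, and the extra "between the tables" and "unknown product line" results are assumptions of this example; the thresholds are the post's table values cut to three fields.

```python
import re

# Thresholds copied from the post's two tables, reduced to major.minor.build
# because the OWA resource path exposes only three fields.
MAY_BE_SAFE = {(15, 2, 529), (15, 2, 464), (15, 1, 1979), (15, 1, 1913),
               (15, 1, 1847), (15, 0, 1497), (14, 3, 496)}
DEFINITELY_VULNERABLE_MAX = {(15, 2): 397, (15, 1): 1779,
                             (15, 0): 1473, (14, 3): 487}

BUILD_RE = re.compile(r"/owa/auth/(\d+)\.(\d+)\.(\d+)(?:\.\d+)?/")

# Constructed sample: a fragment shaped like the login page source quoted above.
SAMPLE_SOURCE = '''
@font-face {
    font-family: "Segoe UI WPC";
    src: url("/owa/auth/15.0.1210/themes/resources/segoeui-regular.eot?#iefix") format("embedded-opentype"),
         url("/owa/auth/15.0.1210/themes/resources/segoeui-regular.ttf") format("truetype");
}
'''

def extract_builds(page_source):
    """Return the distinct builds referenced in OWA resource paths, sorted."""
    return sorted({tuple(int(p) for p in m) for m in BUILD_RE.findall(page_source)})

def classify(build):
    """Map a (major, minor, build) tuple onto the post's buckets."""
    major, minor, number = build
    limit = DEFINITELY_VULNERABLE_MAX.get((major, minor))
    if limit is None:
        return "unknown product line"
    if number <= limit:
        return "definitely vulnerable"
    if build in MAY_BE_SAFE:
        return "may be safe"
    newest_listed = max(b[2] for b in MAY_BE_SAFE if b[:2] == (major, minor))
    if number > newest_listed:
        return "probably patched"
    # Assumption of this example: builds the post's tables do not cover.
    return "between the tables; check Microsoft's build list"

if __name__ == "__main__":
    for build in extract_builds(SAMPLE_SOURCE):
        print(".".join(map(str, build)), "->", classify(build))
```
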