Despite Exchange 2010 not being affected by the #privexchange PoC in my testing, Microsoft has listed Exchange 2010 in their new advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190007 …
Perhaps they know of a variant that affects 2010.
Still no update at this time, so be sure to apply workarounds!
-
-
Not so fast... When this change happened, MSRC adopted the incorrect mindset that a CVE ID is used to refer to a software update, rather than a vulnerability. Because no software update has been released for Exchange, Microsoft has not yet publicly referred to it by its CVE ID.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.