{"id":3840,"date":"2019-01-29T15:58:02","date_gmt":"2019-01-29T15:58:02","guid":{"rendered":"https:\/\/www.camcert.gov.kh\/?p=3840"},"modified":"2019-01-29T15:59:13","modified_gmt":"2019-01-29T15:59:13","slug":"camsa19-05-cert-cc-report-microsoft-exchange-2013-ntlm-relay-attacks","status":"publish","type":"post","link":"https:\/\/www.camcert.gov.kh\/en\/camsa19-05-cert-cc-report-microsoft-exchange-2013-ntlm-relay-attacks\/","title":{"rendered":"CamSA19-05: CERT\/CC Report on Microsoft Exchange 2013 and Newer Versions Affected by NTLM Relay Attacks"},"content":{"rendered":"<p><strong>1. General Information<\/strong><\/p>\n<p>On 28 January 2019, the CERT Coordination Center (CERT\/CC) released information on NTLM relay attacks affecting Microsoft Exchange 2013 and later products.<\/p>\n<p>Successful exploitation of this vulnerability could allow remote code execution by an attacker.<\/p>\n<p><strong>2. Affected Products<\/strong><\/p>\n<p>Microsoft Exchange 2013 and newer versions<\/p>\n<p><strong>3. Impact<\/strong><\/p>\n<p>An attacker who has an Exchange mailbox account and can communicate with both the Microsoft Exchange server and a Windows domain controller may be able to gain full domain administrator privileges. It has also been reported that an attacker without knowledge of an Exchange user's account may be able to carry out the same kind of attack by using an SMB to HTTP relay attack when they are on the same network as the Exchange server.<\/p>\n<p><strong>4. Recommendations<\/strong><\/p>\n<p>According to the CERT\/CC publication, there is currently no complete solution, but all users and administrators can apply various measures, such as configuring permissions and features, as temporary protection. For details of the solution, please visit the CERT\/CC website at the link below:<\/p>\n<ul>\n<li>https:\/\/www.kb.cert.org\/vuls\/id\/465632\/<\/li>\n<\/ul>\n<p><strong>5. Related Websites<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/www.us-cert.gov\/ncas\/current-activity\/2019\/01\/28\/CERTCC-Reports-Microsoft-Exchange-2013-and-Newer-are-Vulnerable\">https:\/\/www.us-cert.gov\/ncas\/current-activity\/2019\/01\/28\/CERTCC-Reports-Microsoft-Exchange-2013-and-Newer-are-Vulnerable<\/a><\/li>\n<li><a href=\"https:\/\/www.kb.cert.org\/vuls\/id\/465632\/\">https:\/\/www.kb.cert.org\/vuls\/id\/465632\/<\/a><\/li>\n<\/ul>\n"},"excerpt":{"rendered":"<p>1. General Information On 28 January 2019, the CERT Coordination Center (CERT\/CC) released information on NTLM relay attacks affecting Microsoft Exchange 2013 and later products. Successful exploitation of this vulnerability could allow remote code execution by an attacker. 2. Affected Products Microsoft Exchange 2013 and newer versions 3. Impact An attacker who has an Exchange mailbox account and can communicate with both the Microsoft Exchange server and a Windows domain controller may be able to gain full domain administrator privileges. It has also been reported that an attacker without knowledge of an Exchange user's account may be able to carry out the same kind of attack by using an SMB to HTTP relay attack when they are on the same network as the Exchange server. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[274,9],"tags":[283],"class_list":["post-3840","post","type-post","status-publish","format-standard","hentry","category-274","category-security-alert","tag-microsoft-exchange-server"],"_links":{"self":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/3840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/comments?post=3840"}],"version-history":[{"count":1,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/3840\/revisions"}],"predecessor-version":[{"id":3841,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/3840\/revisions\/3841"}],"wp:attachment":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/media?parent=3840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/categories?post=3840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/tags?post=3840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}