Quote:
Originally Posted by Hack&Lube
I think it's more of a question of people facepalming that a local user on a workstation (as the ransomware vector is through the permissions of the user who clicked on the attachment) has permissions to make file-level changes on an Exchange mailbox server or infect the whole database availability group. That should never be possible.
I don't think you understand.
If you have local admin rights on a domain joined PC, you can escalate those to domain rights with the proper exploits. I guess it shouldn't be possible because we should patch all those exploits or make sure that our policies and configurations don't allow them to succeed, but it can happen.
You are also assuming that this was a 'click-attachment' type of attack. They have not said it was, afaik, and assuming that this method was used for such a targeted attack is probably not safe.