What's different about the Exchange flaw compared to others is that it gets you immediately to a winning condition. There's no tricking employees or exploiting finicky desktops or pivoting around the network. You click a button and you have root at the very top of their network.
Exchange on-prem (likely) sees your password when you sign in from your phone. Every employee's password. It has permissions to AD with its own implicit unmonitored service accounts, basically 1 step to Domain Admin. It's often unmonitored for assumed performance reasons.
3:13 AM · Mar 10, 2021