Microsoft Exchange vulnerable to 'PrivExchange' zero-day

Proof-of-concept tool lets attackers escalate a hacked inbox to admin on a company's internal domain controller.