What privileges does the ExpiredPassword.aspx webshell run with, and why is that significant?
The ExpiredPassword.aspx webshell runs with System privileges on the Exchange server because it is placed in the `C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\` directory, which defaults to System-level access. This allows attackers to execute arbitrary commands at the highest privilege level, making it a potent tool for lateral movement or persistence within a domain, as discussed in "Analysis of APT34 Leaked Tools - HighShell and HyperShell".
System privileges, Exchange, privilege escalation, lateral movement, persistence