Описание
Microsoft Exchange Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged in user.
Exploitation of this vulnerability requires that a user run cmdlets via PowerShell.
The security update addresses the vulnerability by correcting how Exchange serializes its metadata.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Exchange Server 2019 Cumulative Update 2 | ||
| Microsoft Exchange Server 2016 Cumulative Update 13 | ||
| Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft Exchange Server 2019 Cumulative Update 3 | ||
| Microsoft Exchange Server 2016 Cumulative Update 14 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
Уязвимость почтового сервера Microsoft Exchange Server, связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить произвольный код
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
EPSS