Описание
Microsoft Exchange Server Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
For the vulnerability to be exploited, the attacker would need to be authenticated as a valid exchange user.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An authenticated attacker could gain remote code execution rights on the server mailbox backend as NT AUTHORITY\SYSTEM.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
Are there any more actions I need to take to be protected from this vulnerability?
Yes. Customers running an affected version of Microsoft Exchange need to download the November 2023 Security Update and ensure the Serialized Data Signing feature is enabled to be protected from this vulnerability. Disabling certificate signing of Powershell serialization payloads makes your server vulnerable to known Exchange vulnerabilities and weakens protection against unknown threats. We recommend leaving this feature enabled.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft Exchange Server 2019 Cumulative Update 13 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8 High
CVSS3
Связанные уязвимости
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Уязвимость почтового сервера Microsoft Exchange Server, связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить произвольный код
EPSS
8 High
CVSS3