tencent cloud

Feedback

Notice for Exchange Server Command Execution Vulnerability

Last updated: 2022-06-23 11:14:26
    On September 17, 2020, Tencent Security noticed that Microsoft issued a security advisory for a command execution vulnerability in Exchange Server (CVE-2020-16875).
    Note:
    Microsoft Exchange Server is an email service program offered by Microsoft Corporation, which provides various features such as mail access, storage, forwarding, voice mail, and mail filtering.
    The POC of the vulnerability is being circulated on the internet. Tencent Security recommends you upgrade Exchange to the latest version in time and implement asset inspection and protection to avoid attacks by hackers. Tencent Cloud WAF currently supports defense against them.

    Vulnerability Details

    A remote code execution vulnerability exists in Microsoft Exchange Server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires successful authentication by Exchange. As the Exchange service ran with SYSTEM privileges, an attacker could get the highest privileges of the system by exploiting this vulnerability.

    Affected Versions

    Microsoft Exchange Server 2016 Cumulative Update 16
    Microsoft Exchange Server 2016 Cumulative Update 17
    Microsoft Exchange Server 2019 Cumulative Update 5
    Microsoft Exchange Server 2019 Cumulative Update 6

    Suggestions for Fix

    According to the vulnerability advisory, Tencent Security recommends you:
    Update to the latest version for fix in time.
    Use WAF to detect and block attacks.

    References

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support