CVE-2020-16875: Microsoft Exchange Remote Code Execution Vulnerability Alert

On September 8, 2020, Microsoft Exchange issued a risk notice for Exchange command execution vulnerability, the vulnerability number is CVE-2020-16875, the vulnerability level is serious, and the vulnerability score is 9.1. By constructing special cmdlet parameters, remote attackers can affect the execution of arbitrary commands.
CVE-2018-8302

Vulnerability Detail

Due to incorrect validation of cmdlet parameters, a remote code execution vulnerability exists in the Microsoft Exchange server. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the System user. The exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.

Affected version

  • Microsoft exchange_server_2016: cu16/cu17
  • Microsoft exchange_server_2019: cu5/cu6

Solution

Microsoft releases a patch to fix this vulnerability. In this regard, we recommend that users upgrade Exchange to the latest version in time.
Update: On September 10th, researcher Steven Seeley publicly released Proof-of-Concept code for a critical remote code execution vulnerability.