Researcher publishes Microsoft Exchange RCE Vulnerability PoC

Microsoft released a September security update to fix a critical-level vulnerability, which is a remote code execution vulnerability (CVE-2020-16875) in Microsoft Exchange Server.

In view of the fact that relevant PoC has appeared on the Internet recently, it is strongly recommended that users update as soon as possible for protection.

“File:Microsoft Exchange (2019-present).svg” by Microsoft Office team is licensed under CC BY-SA 4.0

Due to incorrect verification of cmdlet parameters, an attacker may trigger this vulnerability by sending an email containing special cmdlet parameters to the affected Exchange server. An attacker who successfully exploited this vulnerability could execute arbitrary code with system privileges on the affected system. It is worth noting that the prerequisite for successfully exploiting the vulnerability is to have user rights that can be authenticated as an Exchange role.

Affected product version

  • Microsoft Exchange Server 2016 Cumulative Update 16
  • Microsoft Exchange Server 2016 Cumulative Update 17
  • Microsoft Exchange Server 2019 Cumulative Update 5
  • Microsoft Exchange Server 2019 Cumulative Update 6

Solution

Microsoft has fixed this vulnerability in its monthly security update.