Rewterz Threat Advisory – CVE-2020-16875 – Microsoft Exchange Server Remote Code Execution Vulnerability

Severity

High

Analysis Summary

CVE-2020-16875

A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.

Impact

Remote Code Execution

Affected Vendors

Microsoft

Affected Products

Microsoft Exchange server

Remediation

Refer to Microsoft advisory for the list of affected products and their respective patches.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875