Rewterz Threat Advisory – Multiple Microsoft Exchange Server Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-36777 CVSS:5.7

Microsoft Exchange Server could allow a remote authenticated attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2023-36744 CVSS:8

Microsoft Exchange Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-36745 CVSS:8

Microsoft Exchange Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-36756 CVSS:8

Microsoft Exchange Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-36757 CVSS:8

Microsoft Exchange Server could allow a remote authenticated attacker to conduct spoofing attacks.

Impact

• Information Disclosure
• Code Execution
• Gain Access

Indicators Of Compromise

CVE

• CVE-2023-36777
• CVE-2023-36744
• CVE-2023-36745
• CVE-2023-36756
• CVE-2023-36757

Affected Vendors

Microsoft

Affected Products

• Microsoft Exchange Server 2016 CU23
• Microsoft Exchange Server 2019 CU12
• Microsoft Exchange Server 2019 CU13

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2023-36777

CVE-2023-36744

CVE-2023-36745

CVE-2023-36756

CVE-2023-36757