| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2019-1373 | Microsoft Exchange Remote Code Execution Vulnerability | Microsoft Exchange Server 2019 | Critical | 12-11-2019 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged in user.
Detailed Information on the risk:
Exploitation of this vulnerability requires that a user run cmdlets via PowerShell.
The security update addresses the vulnerability by correcting how Exchange serializes its metadata.
Further information on this vulnerability is available at : CVE-2019-1373
Affected Software
Microsoft Exchange Server 2019 Cumulative Update 2Microsoft Exchange Server 2016 Cumulative Update 13
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 3
Microsoft Exchange Server 2016 Cumulative Update 14