CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability | Microsoft Exchange Server | Critical | 11-12-2020 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in Microsoft Exchange. An attacker who successfully exploited the vulnerability using crafted email sent to the exchange server, could execute arbitrary code in the context of the logged on user on the host. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Further information on this vulnerability is available at : CVE-2020-17117
Affected Software
Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 6
Microsoft Exchange Server 2016 Cumulative Update 17
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18