skip to Main Content

Cyber security, new RCE flaw on Microsoft Exchange Server

The cyber security expert Steven Seeley discovered a new remote code execution (RCE) vulnerability in Microsoft Exchange Server. It’s due to improper validation of cmdlet arguments

New remote code execution (RCE) vulnerability in Microsoft Exchange Server. It has been discovered by the cyber security researcher Steven Seeley. The flaw (CVE-2020-16875) is due to improper validation of cmdlet arguments. An attacker who successfully exploited it could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised. The company released patches for the 2016 and 2019 versions, and asked users to install the mas soon as possible. Until now, however, there is no public known exploitation or PoC.

Back To Top