Microsoft Exchange Server is one of the most widely used email servers across the world. Exchange Server is installed in various organizations, enterprises, and companies. The Exchange Server can be accessed by email clients like Outlook, Android, iOS, and web browsers. The Exchange Server provides various features like calendar, email, and contacts.

The Exchange Server collects sensitive information from email users like emails, contact information, and calendar appointments. The problem occurs due to the fact that Exchange Server does not perform any type of security verification when accessing a remote server.

The researchers have discovered a remote code execution vulnerability in the Exchange Server that allows an attacker to remotely access the Exchange Server, and send and receive email. The researchers have discovered a remote code execution vulnerability in the Exchange Server that allows an attacker to remotely access the Exchange Server, and send and receive email.
The critical issue exists due to the fact that the Exchange Server does not perform any type of security verification when accessing a remote server. This makes it possible for an attacker to access the Exchange Server, and send and receive email. The researchers have reported this critical issue to the Microsoft team.

Software versions and affected versions

Microsoft Exchange Server 2016, 2016 CU1, 2016 CU2
Microsoft Exchange Server 2013, 2013 Update 4
Microsoft Exchange Server 2010 SP3, 2010 SP4
Microsoft Exchange Server 2007 SP3
Microsoft Exchange Server 2003 SP2

How to exploit the Remote Code Execution in Exchange Server?

The researchers have determined that the vulnerability to exploit this remote code execution is due to the fact that the Exchange Server does not perform any type of security verification when accessing a remote server. This makes it possible for an attacker to access the Exchange Server, and send and receive email.
To exploit this vulnerability, an attacker will need to create a malicious URL which will redirect their victim to a page where they can enter their credentials and send messages into the Exchange Server. The authentication process is done by uploading a malicious file into a specific directory. Then, having your victim visit the URL in their web browser will cause them to authenticate with their account information.  The researchers have found that in order for this attack to be successful, you would need local administrative privilege on the target system.

How to Bypass Exchange Server Remote Code Execution?

As Microsoft is still evaluating this issue, please ensure that you take appropriate protective steps.

The researchers have discovered a remote code execution vulnerability in the Exchange Server that allows an attacker to remotely access the Exchange Server, and send and receive email. The researchers have reported this critical issue to the Microsoft team.

Remote Code Execution in Microsoft Exchange Server

The critical issue exists due to the fact that the Exchange Server does not perform any type of security verification when accessing a remote server. This makes it possible for an attacker to access the Exchange Server, and send and receive email. The researchers have reported this critical issue to the Microsoft team.

Exchange Server Remote Code Execution Vulnerability

The Microsoft Exchange Server is one of the most widely used email servers across the world. The Exchange Server provides various features like calendar, email, and contacts.
However, a researcher has discovered a remote code execution vulnerability in the Exchange Server that allows an attacker to remotely access the Exchange Server and send and receive email. This critical issue exists due to the fact that the Exchange Server does not perform any type of security verification when accessing a remote server. This makes it possible for an attacker to access the Exchange Server in order to send and receive email. The researchers have reported this issue to Microsoft team.

Timeline

Published on: 03/09/2022 17:15:00 UTC
Last modified on: 03/14/2022 18:54:00 UTC

References