What is the Microsoft Exchange remote code execution vulnerability notification?

2025-01-18 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

In this issue, the editor brings you a notice about a Microsoft Exchange remote code execution vulnerability. The article analyzes and describes the vulnerability from a professional point of view. I hope you gain something from reading it.

0x01 Update overview

On September 16, 2020, 360CERT monitoring found that the Metasploit GitHub repository had been updated with an exploit PR (pull request) for this vulnerability, which can lead to arbitrary command execution. This update notes that an exploit tool for this vulnerability is now public and that attacks may follow within a short period of time.

Exploitation of this vulnerability requires at least one basic Exchange user account. Because the Exchange service runs with System privileges, triggering the vulnerability also yields the highest privileges on the system.

For details of the update, please refer to the reference link.

0x02 Brief introduction to the vulnerability

On September 09, 2020, 360CERT monitoring found that Microsoft had issued a risk notice for a command execution vulnerability in Exchange. The vulnerability number is CVE-2020-16875, the vulnerability level is serious, and the vulnerability score is 9.1.

Remote attackers can achieve arbitrary command execution by constructing special cmdlet parameters.

The vulnerability was discovered by Steven Seeley (mr_me) of the Qihoo 360 Vulcan team.

In this regard, 360CERT recommends that users upgrade Exchange to the latest version in time. At the same time, carry out asset self-examination and prevention to avoid hacker attacks.

0x03 Risk rating

360CERT's assessment of the vulnerability is as follows:

Rating method | Level
Threat level | Serious
Impact scope | Extensive
360CERT score | 9.1

0x04 Vulnerability details

CVE-2020-16875: command execution vulnerability

A remote code execution vulnerability exists in Microsoft Exchange Server due to incorrect validation of cmdlet parameters. An attacker who successfully exploits this vulnerability can run arbitrary code in the context of the System user. Exploitation of this vulnerability requires a user account that can authenticate in an Exchange role.

0x05 Affected versions

- microsoft:exchange_server_2016: cu16/cu17

- microsoft:exchange_server_2019: cu5/cu6

0x06 Repair recommendations

General repair recommendation

Use the link below to find the vulnerability patch that matches your operating system version, then download and install it.

CVE-2020-16875 | Microsoft Exchange remote code execution vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875

That concludes the Microsoft Exchange remote code execution vulnerability notice shared by the editor. If you have similar questions, you can refer to the analysis above.