Microsoft Exchange CVE-2019-1373 Remote Code Execution Vulnerability

description-logoDescription

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged in user. Exploitation of this vulnerability requires that a user run cmdlets via PowerShell. The security update addresses the vulnerability by correcting how Exchange serializes its metadata.

affected-products-logoAffected Applications

Microsoft Exchange Server 2019 Cumulative Update 2
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 13
Microsoft Exchange Server 2016 Cumulative Update 14
Microsoft Exchange Server 2019 Cumulative Update 3

CVE References

CVE-2019-1373