virus logo Intrusion Prevention

MS.Exchange.Server.DlpUtils.AUTH.Remote.Code.Injection

description-logoDescription

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Exchange Server.
The vulnerability is due to improper validation of cmdlet arguments. An authenticated, remote attacker can exploit this vulnerability by running a particular cmdlet with crafted arguments against a vulnerable exchange server. Successful exploitation could result in the execution of arbitrary commands as SYSTEM.

affected-products-logoAffected Products

Microsoft Exchange Server 2016 Cumulative Update 16
Microsoft Exchange Server 2016 Cumulative Update 17
Microsoft Exchange Server 2019 Cumulative Update 5
Microsoft Exchange Server 2019 Cumulative Update 6

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17132

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-02-01 17.008 Sig Added
2020-10-22 16.948 Default_action:pass:drop
2020-10-08 16.940 Sig Added
2020-10-07 16.939

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17132 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875
ID 49503
Created Sep 29, 2020
Updated May 24, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2020-17132 CVE-2020-16875
Exploit Prediction Score 50.61%
Default Action drop
Active
Affected OS Windows
Affected App MS_Exchange