virus logo Intrusion Prevention

MS.Exchange.Server.NewExchangeCertificate.Arbitrary.File.Write

description-logoDescription

This indicates an attack attempt to exploit an Arbitrary File Write Vulnerability in Microsoft Exchange Server.
The vulnerability is due to improper validation of Filename argument in New-ExchangeCertificate cmdlet. A remote, authenticated attacker can exploit this vulnerability by running the cmdlet with crafted arguments against a vulnerable Exchange server. Successful exploitation could result in denial-of-service conditions and in worst case execution of arbitrary codes as SYSTEM.

affected-products-logoAffected Products

Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 17
Microsoft Exchange Server 2016 Cumulative Update 18
Microsoft Exchange Server 2019 Cumulative Update 6
Microsoft Exchange Server 2019 Cumulative Update 7

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17085

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-04-01 18.050 Default_action:pass:drop
2021-01-18 17.001
ID 49739
Created Jan 07, 2021
Updated Mar 31, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2020-17085
Exploit Prediction Score 0.14%
Default Action drop
Active
Affected OS Windows
Affected App MS_Exchange