#Vulnerabilities

Critical Microsoft Exchange Vulnerability Allows Remote Code Execution

Vulnerabilities Reporter
2 min read

Microsoft has addressed a critical vulnerability in Exchange Server that could allow attackers to execute arbitrary code on affected systems.

Microsoft has released emergency security updates to address a critical remote code execution vulnerability affecting multiple versions of Exchange Server. The flaw is rated critical and poses an immediate threat to unpatched, Internet-reachable servers.

Attackers can exploit this vulnerability by sending specially crafted requests to the Exchange Control Panel (ECP) or Outlook on the web (OWA) endpoints. Successful exploitation could allow an attacker to run arbitrary code with system privileges on the affected server.

"This is a critical vulnerability that requires immediate attention," said Microsoft's Security Response Center. "We strongly recommend customers apply the available updates as soon as possible."

Affected Products:

  • Exchange Server 2019 (Cumulative Update 11 or earlier)
  • Exchange Server 2016 (Cumulative Update 22 or earlier)
  • Exchange Server 2013 (Cumulative Update 23 or earlier)
  • Exchange Server 2010 (Service Pack 3 Update 8 or earlier)
  • Exchange Server 2007 Service Pack 3 RU18

Microsoft released the security updates on November 14, 2023. Organizations running affected versions should apply them immediately. For those unable to patch right away, Microsoft has published temporary mitigations; these are a stopgap that reduces exposure until the update is installed, not a substitute for it.

The vulnerability exists in the Exchange Control Panel (ECP) component due to improper validation of input. An attacker who successfully exploited it would gain the rights of the identity under which ECP runs. ECP is not a standalone Windows service but a web application hosted in an IIS application pool on the Exchange server, and that pool runs as LocalSystem, so code execution inside ECP is code execution as SYSTEM on the mailbox or Client Access server.

To remediate this vulnerability:

  1. Apply the latest cumulative update and security update for your Exchange Server version
  2. For Exchange Server 2010, apply the standalone security update referenced in advisory MSRC23-11
  3. Review IIS logs for the ECP and OWA virtual directories for suspicious activity between October 1, 2023, and November 14, 2023, and extend that window through the date the update was actually applied on each server, since exploitation attempts do not stop at the disclosure date
  4. Implement network segmentation so that ECP is reachable only from administrative networks, and limit Internet exposure of Exchange services to what is required
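The log review in step 3 is easier with a small triage script. The following is an added example, not code from the article or from Microsoft: it parses IIS W3C logs using the `#Fields` directive (so it does not depend on column order), keeps only POST requests to `/ecp/` that carry no authenticated `cs-username`, and summarises them per client IP within a date window. The log lines are constructed sample data, and the heuristic is an assumption of this example rather than a published indicator: ECP normally requires an authenticated session, so an unauthenticated request that receives anything other than a redirect to the OWA logon form, especially a burst from one IP with a non-browser user agent, is worth a closer look.

```python
from datetime import date

# Constructed IIS W3C log excerpt (sample data, not real traffic). The field
# order is the IIS default for an Exchange front end; IIS writes spaces in the
# user agent as '+', which keeps each line whitespace-splittable.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-10-03 08:12:44 10.0.0.5 GET /owa/ - 443 alice 10.0.1.20 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 120
2023-10-03 08:13:01 10.0.0.5 POST /ecp/default.aspx - 443 admin 10.0.1.21 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 310
2023-10-12 02:41:09 10.0.0.5 POST /ecp/default.aspx - 443 - 203.0.113.17 python-requests/2.31 - 200 0 0 455
2023-10-12 02:41:10 10.0.0.5 POST /ecp/default.aspx - 443 - 203.0.113.17 python-requests/2.31 - 200 0 0 470
2023-10-12 02:41:11 10.0.0.5 POST /ecp/default.aspx - 443 - 203.0.113.17 python-requests/2.31 - 500 0 0 80
2023-10-15 11:05:00 10.0.0.5 POST /owa/auth.owa - 443 - 10.0.1.22 Mozilla/5.0+(Windows+NT+10.0) - 302 0 0 90
2023-11-20 09:00:00 10.0.0.5 POST /ecp/default.aspx - 443 - 198.51.100.9 curl/8.4.0 - 200 0 0 400
"""


def parse_iis_w3c(log_text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            # IIS may emit a fresh #Fields directive mid-file when the log rolls
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Version, #Date)
        if fields is None:
            raise ValueError("request line seen before any #Fields directive")
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed line: skip rather than misalign columns
        yield dict(zip(fields, parts))


def triage_ecp_requests(log_text, start, end):
    """Summarise unauthenticated POSTs to /ecp/ per client IP.

    start and end are ISO dates and the window is inclusive. Every status code
    is recorded: a 302 to the OWA logon form is the expected answer for an
    unauthenticated ECP request, so 200s and 500s are the ones to examine first.
    """
    lo, hi = date.fromisoformat(start), date.fromisoformat(end)
    hits = {}
    for rec in parse_iis_w3c(log_text):
        if not (lo <= date.fromisoformat(rec["date"]) <= hi):
            continue
        if rec["cs-method"].upper() != "POST":
            continue
        if not rec["cs-uri-stem"].lower().startswith("/ecp/"):
            continue
        if rec["cs-username"] != "-":
            continue  # authenticated administrator activity; expected on ECP
        entry = hits.setdefault(rec["c-ip"], {
            "count": 0, "statuses": {}, "user_agents": set(), "paths": set(),
            "first_seen": None, "last_seen": None,
        })
        entry["count"] += 1
        status = rec["sc-status"]
        entry["statuses"][status] = entry["statuses"].get(status, 0) + 1
        entry["user_agents"].add(rec["cs(User-Agent)"])
        entry["paths"].add(rec["cs-uri-stem"])
        stamp = f'{rec["date"]} {rec["time"]}'
        if entry["first_seen"] is None or stamp < entry["first_seen"]:
            entry["first_seen"] = stamp
        if entry["last_seen"] is None or stamp > entry["last_seen"]:
            entry["last_seen"] = stamp
    return hits


if __name__ == "__main__":
    report = triage_ecp_requests(SAMPLE_LOG, "2023-10-01", "2023-11-14")
    for ip, e in sorted(report.items()):
        print(f"{ip}: {e['count']} unauthenticated ECP POSTs, statuses={e['statuses']}, "
              f"agents={sorted(e['user_agents'])}, {e['first_seen']} .. {e['last_seen']}")
```

Run against the constructed sample with the article's window, the script reports only 203.0.113.17 (three unauthenticated ECP POSTs from `python-requests`), while the authenticated admin POST and the OWA logon POST are ignored. The 198.51.100.9 request on November 20 falls outside that window and is silently dropped, which is exactly why step 3 says to extend the window through the date each server was actually patched. A hit from this script is a lead for manual review of the full request and the server, not a confirmed compromise.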

Microsoft has also released a security advisory MSRC23-11 with detailed information about the vulnerability and mitigation steps. Additional guidance is available in the Exchange Team Blog.

Organizations should also consider enabling additional security controls such as multi-factor authentication and conditional access policies for Exchange services. These limit what an attacker can do with stolen credentials but do not block exploitation of a code execution flaw in the server-side ECP component itself, so they complement patching rather than replace it. Microsoft Defender for Office 365 Safe Attachments inspects mail attachments; it plays no role in handling requests to the ECP or OWA endpoints and does not mitigate this vulnerability.
