Critical Vulnerability CVE-2023-XXXX: Microsoft Exchange Remote Code Execution

Microsoft has identified critical remote code execution vulnerability CVE-2023-XXXX affecting all supported versions of Exchange Server. Exploitation is already observed in the wild. Immediate patching is required.

CVSS 9.8 severity. Attackers can gain system privileges without authentication.

Affected Products

• Exchange Server 2019 (Cumulative Update 13 and earlier)
• Exchange Server 2016 (Cumulative Update 23 and earlier)
• Exchange Server 2013 (Cumulative Update 23 and earlier)
• Exchange Online

Mitigation Steps

1. Apply the latest cumulative updates immediately
2. Configure Exchange Server to block unauthenticated access
3. Implement network segmentation for Exchange servers
4. Monitor for suspicious PowerShell commands
5. Enable multi-factor authentication for all Exchange admin accounts

Timeline

• Vulnerability discovered: June 15, 2023
• Patch released: July 11, 2023 (Patch Tuesday)
• Exploitation observed: July 5, 2023
• Zero-day period: 6 days

The vulnerability exists in the Exchange Control Panel (ECP) component. An unauthenticated attacker can send specially crafted requests to execute arbitrary code with system privileges.

Workarounds

• Block access to ECP externally using firewall rules
• Disable the ECP application pool temporarily
• Implement IP allow lists for Exchange management interfaces

For detailed technical information, refer to the Microsoft Security Advisory.

Organizations unable to patch immediately should implement the workarounds and monitor for signs of exploitation. The MSRC continues to monitor for exploitation attempts and may release additional guidance.