Introduction to Related Components

Exchange Server is a mail server developed by Microsoft to enable messaging and collaboration and establish the mail system for enterprises and schools. It has been recently adopted by major enterprises.



After attackers are authenticated successfully, they can send a forged request to a certain server API and inject malicious deserialized content into the deserialization stream, to execute arbitrary commands, or even take over the server. The vulnerability only affects Microsoft Exchange 2010, but the exploit is easy and permission requirements are low, making attacks easier.



Affected Versions: Microsoft Exchange Server 2010 Service Pack 3



  • Dec 9, 2020, Microsoft released a security patch.
  • Dec 9, 2020, Sangfor FarSight Labs released a vulnerability alert.


Remediation Solution

Microsoft has released a patch to fix the vulnerability. Please update it from the following link:


Sangfor Solution

  • For Sangfor NGAF customers, update NGAF security protection.
  • Sangfor Cloud WAF has automatically updated its database in the cloud. Those users are already protected from this vulnerability without needing to perform any additional operations.
  • Sangfor Cyber Command can detect attacks that exploit this vulnerability and can alert users in real-time. Users can integrate Cyber Command to NGAF to block an attacker's IP address.
  • Sangfor SOC has Sangfor security specialists available 24/7 to help you resolve any issues. For users with vulnerabilities, the SOC regularly reviews and updates device policies to ensure protection against this vulnerability.


Why Sangfor?

Sangfor Technologies Incident Response (IR) Services are vital to enterprises across the world. Not every attack can be prevented, even with the most cutting-edge security equipment, and not every company has the expertise to respond to an incident or breach. Statistics show that Incident Response services minimize the impact of attacks, maintain business continuity, and strengthen security for the entire business.

Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at to learn more about Sangfor's Security solutions, and let Sangfor make your IT simpler, more secure and valuable.

Listen To This Post


Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

Cyber Security

Expert Tips on How to Improve Your Cyber Defense

Date : 12 Aug 2022
Read Now

Cyber Security

Ransomware Attacks in Asia on the Rise, Are You Next?

Date : 09 Aug 2022
Read Now

Cyber Security

How to Level Up Your Incident Response Plan

Date : 28 Jul 2022
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
NGAF - Next Generation Firewall (NGFW)
SASE Access
icon notification