Exchange Server is a mail server developed by Microsoft to enable messaging and collaboration and establish the mail system for enterprises and schools. It has been recently adopted by major enterprises.
After attackers are authenticated successfully, they can send a forged request to a certain server API and inject malicious deserialized content into the deserialization stream, to execute arbitrary commands, or even take over the server. The vulnerability only affects Microsoft Exchange 2010, but the exploit is easy and permission requirements are low, making attacks easier.
Affected Versions: Microsoft Exchange Server 2010 Service Pack 3
Microsoft has released a patch to fix the vulnerability. Please update it from the following link: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17144
Sangfor Technologies Incident Response (IR) Services are vital to enterprises across the world. Not every attack can be prevented, even with the most cutting-edge security equipment, and not every company has the expertise to respond to an incident or breach. Statistics show that Incident Response services minimize the impact of attacks, maintain business continuity, and strengthen security for the entire business.
Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor's Security solutions, and let Sangfor make your IT simpler, more secure and valuable.