This site uses cookies to enhance your experience.  By continuing to visit this website, you consent to the use of these cookies. Click here to learn more about our privacy policy.

Sanfor Technologies Blog Background Image

Microsoft Exchange 2010 Remote Code Execution Vulnerability CVE-2020-17144

2020-12-30
193
Introduction to Related Components

Exchange Server is a mail server developed by Microsoft to enable messaging and collaboration and establish the mail system for enterprises and schools. It has been recently adopted by major enterprises.

 

Introduction

After attackers are authenticated successfully, they can send a forged request to a certain server API and inject malicious deserialized content into the deserialization stream, to execute arbitrary commands, or even take over the server. The vulnerability only affects Microsoft Exchange 2010, but the exploit is easy and permission requirements are low, making attacks easier.

 

Impact

Affected Versions: Microsoft Exchange Server 2010 Service Pack 3

 

Timeline

  • Dec 9, 2020, Microsoft released a security patch.
  • Dec 9, 2020, Sangfor FarSight Labs released a vulnerability alert.

 

Remediation Solution

Microsoft has released a patch to fix the vulnerability. Please update it from the following link: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17144

 

Sangfor Solution

  • For Sangfor NGAF customers, update NGAF security protection.
  • Sangfor Cloud WAF has automatically updated its database in the cloud. Those users are already protected from this vulnerability without needing to perform any additional operations.
  • Sangfor Cyber Command can detect attacks that exploit this vulnerability and can alert users in real-time. Users can integrate Cyber Command to NGAF to block an attacker's IP address.
  • Sangfor SOC has Sangfor security specialists available 24/7 to help you resolve any issues. For users with vulnerabilities, the SOC regularly reviews and updates device policies to ensure protection against this vulnerability.

 

Why Sangfor?

Sangfor Technologies Incident Response (IR) Services are vital to enterprises across the world. Not every attack can be prevented, even with the most cutting-edge security equipment, and not every company has the expertise to respond to an incident or breach. Statistics show that Incident Response services minimize the impact of attacks, maintain business continuity, and strengthen security for the entire business.

Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor's Security solutions, and let Sangfor make your IT simpler, more secure and valuable.