vulnerability

Microsoft CVE-2019-1373: Microsoft Exchange Remote Code Execution Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Nov 12, 2019	Nov 12, 2019	Nov 18, 2019

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Nov 12, 2019

Added

Nov 12, 2019

Modified

Nov 18, 2019

Description

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged in user.
Exploitation of this vulnerability requires that a user run cmdlets via PowerShell.
The security update addresses the vulnerability by correcting how Exchange serializes its metadata.

Solution

msft-kb4523171-1b9985eb-495f-4770-bdfb-7ad9836c5bdb

References

CVE-2019-1373
https://attackerkb.com/topics/CVE-2019-1373
MSKB-4523171

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today