vulnerability
Microsoft CVE-2019-1373: Microsoft Exchange Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Nov 12, 2019 | Nov 12, 2019 | Nov 18, 2019 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Nov 12, 2019
Added
Nov 12, 2019
Modified
Nov 18, 2019
Description
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged in user.
Exploitation of this vulnerability requires that a user run cmdlets via PowerShell.
The security update addresses the vulnerability by correcting how Exchange serializes its metadata.
Solution
msft-kb4523171-1b9985eb-495f-4770-bdfb-7ad9836c5bdb
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.