First published: Fri Sep 11 2020(Updated: )
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
=2016-cumulative_update_16 | ||
=2016-cumulative_update_17 | ||
=2019-cumulative_update_5 | ||
=2019-cumulative_update_6 | ||
Microsoft Exchange Server | =2016-cumulative_update_16 | |
Microsoft Exchange Server | =2016-cumulative_update_17 | |
Microsoft Exchange Server | =2019-cumulative_update_5 | |
Microsoft Exchange Server | =2019-cumulative_update_6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-16875 is classified as a critical remote code execution vulnerability.
To fix CVE-2020-16875, apply the latest cumulative update released by Microsoft for your version of Exchange Server.
CVE-2020-16875 affects Microsoft Exchange Server 2016 cumulative update 16 and 17, as well as 2019 cumulative update 5 and 6.
An attacker who exploits CVE-2020-16875 could run arbitrary code in the context of the System user.
Currently, there are no documented workarounds for CVE-2020-16875, so applying the cumulative update is necessary.