CVE-2020-17143: Microsoft Exchange Server Information Disclosure Vulnerability


Description Preview

CVE-2020-17143 is an information disclosure vulnerability in Microsoft Exchange Server that could allow an authenticated attacker to access sensitive information. This vulnerability affects multiple versions of Microsoft Exchange Server and could potentially lead to unauthorized access to sensitive data if exploited successfully.

Overview

This vulnerability exists in Microsoft Exchange Server and could allow an authenticated user to access sensitive information they should not have permission to access. It is classified as an information disclosure issue, meaning it could expose confidential data to unauthorized parties. Microsoft has not fully disclosed the exact technical details, but the issue relates to how Exchange Server handles certain information, potentially allowing authenticated users to view data beyond their permission level. Exploitation requires authentication, so an attacker would need valid credentials.

Remediation

To address this vulnerability, organizations should:

  1. Apply the security update provided by Microsoft as soon as possible
  2. Install the latest cumulative updates for the affected Exchange Server versions
  3. Ensure that all Exchange servers are kept up to date with the latest security patches
  4. Monitor Exchange Server logs for any suspicious activity
  5. Consider implementing additional access controls and authentication mechanisms
  6. Follow Microsoft's security best practices for Exchange Server deployments
  7. Consider implementing network segmentation to limit potential exposure

References

  1. Microsoft Security Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17143
  2. Microsoft Security Update Guide: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17143
  3. Microsoft Exchange Team Blog: https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-security-updates/ba-p/2106708
  4. NIST National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2020-17143

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Health Care & Social Assistance
  2. Finance and Insurance
  3. Manufacturing
  4. Educational Services
  5. Management of Companies & Enterprises
  6. Professional, Scientific, & Technical Services
  7. Public Administration
  8. Transportation & Warehousing
  9. Accommodation & Food Services
  10. Arts, Entertainment & Recreation
  11. Retail Trade
  12. Utilities
  13. Administrative, Support, Waste Management & Remediation Services
  14. Agriculture, Forestry, Fishing & Hunting
  15. Construction
  16. Information
  17. Mining
  18. Other Services (except Public Administration)
  19. Real Estate Rental & Leasing
  20. Wholesale Trade
