CVE-2020-17144: Microsoft Exchange Remote Code Execution Vulnerability (CVE-2020-17144) allows attackers to execute arbitrary code through deserialization of untrusted data.

Description Preview

CVE-2020-17144 is a critical remote code execution vulnerability in Microsoft Exchange Server. The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data) and allows attackers to execute arbitrary code on affected systems by exploiting the server's improper handling of serialized objects. This vulnerability affects multiple versions of Microsoft Exchange Server and could lead to complete system compromise if successfully exploited.

Overview

This vulnerability exists in Microsoft Exchange Server due to improper validation of serialized data. An attacker who successfully exploits this vulnerability could run arbitrary code with SYSTEM privileges, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. The attack requires the attacker to send specially crafted data to an affected Exchange server. The vulnerability is particularly dangerous as it can potentially be exploited remotely without user interaction, making it a high priority for patching.

Remediation

To mitigate this vulnerability, administrators should:

  1. Apply the security update provided by Microsoft as soon as possible
  2. Ensure all Exchange servers are updated to the latest supported cumulative update and security update
  3. If immediate patching is not possible, consider implementing network segmentation and restricting access to Exchange servers
  4. Monitor Exchange server logs for suspicious activities
  5. Consider implementing additional security measures such as network-level authentication and proper network segmentation
  6. Follow Microsoft's security best practices for Exchange Server deployments

References

  1. Microsoft Security Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17144
  2. Microsoft Security Response Center: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17144
  3. Common Weakness Enumeration (CWE-502): https://cwe.mitre.org/data/definitions/502.html
  4. MITRE CVE Record: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17144

Early Warning

Armis Early Warning customers received an advanced alert on this vulnerability.

Armis Alert Date: Dec 16, 2020
CISA KEV Date: Nov 3, 2021
322 days early

Industry Exposure: Most to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Transportation & Warehousing
  3. Educational Services
  4. Health Care & Social Assistance
  5. Accommodation & Food Services
  6. Arts, Entertainment & Recreation
  7. Finance and Insurance
  8. Management of Companies & Enterprises
  9. Professional, Scientific, & Technical Services
  10. Public Administration
  11. Administrative, Support, Waste Management & Remediation Services
  12. Agriculture, Forestry Fishing & Hunting
  13. Construction
  14. Information
  15. Mining
  16. Other Services (except Public Administration)
  17. Real Estate Rental & Leasing
  18. Retail Trade
  19. Utilities
  20. Wholesale Trade

Armis Vulnerability Intelligence Database