Skip to the content.

DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server

Our reference DIVD-2023-00010
Case lead Célistine Oosting
Researcher(s)
CVE(s)
Products
  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019
Versions
  • Microsoft Exchange Server 2013 < Cumulative Update 23 (Buildnr. 15.00.1497.047)
  • Microsoft Exchange Server 2016 < Cumulative Update 23 (Buildnr. 15.01.2507.021)
  • Microsoft Exchange Server 2019 < Cumulative Update 12 (Buildnr. 15.02.1118.025)
Recommendation Be sure to install the latest Cumulative security Update from Microsoft for Exchange
Patch status Fully patched
Status Open
Last modified 03 Jan 2024 15:08

Important Information

During the parsing of data related to the first mailrun of this case, there was an error that caused some emails to have been erroneously sent out for systems that are not vulnerable to these vulnerabilities. If you have received an email stating that your systems are vulnerable to this vulnerability, yet your systems are updated to at least the February 2023 Cumulative Update (Buildnrs. listed above), you can safely disregard this email.

Summary

On the 14th of February Microsoft released an update that patched 4 CVE’s in Microsoft Exchange Server that can lead to remote code execution on vulnerable systems. After we became aware of these vulnerabilities, we created a case for it and began scanning for these vulnerabilities.

What you can do

Make sure you’re on the latest Cumulative Update for your version of Exchange Server. The following are as of writing the latest versions.

What we are doing

We are scanning for these vulnerabilities and will send out notifications to owners of vulnerable systems.

Timeline

Date Description
14 Feb 2023 Patch Released by Microsoft
14 Feb 2023 Case Created Opened by DIVD
07 Mar 2023 DIVD Started the Initial Scan for this Vulnerability
01 May 2023 DIVD Rescanned for the Vulnerability
18 May 2023 DIVD Did the First Mailrun
gantt title DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server (still open) :2023-02-14, 2024-04-01 section Events Patch Released by Microsoft : milestone, 2023-02-14, 0d Case Created Opened by DIVD : milestone, 2023-02-14, 0d DIVD Started the Initial Scan for this Vulnerability : milestone, 2023-03-07, 0d DIVD Rescanned for the Vulnerability : milestone, 2023-05-01, 0d DIVD Did the First Mailrun : milestone, 2023-05-18, 0d

More information