DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server
|Case lead||Célistine Oosting|
|Recommendation||Be sure to install the latest Cumulative security Update from Microsoft for Exchange|
|Patch status||Fully patched|
|Last modified||05 Jul 2023 11:58|
During the parsing of data related to the first mailrun of this case, there was an error that caused some emails to have been erroneously sent out for systems that are not vulnerable to these vulnerabilities. If you have received an email stating that your systems are vulnerable to this vulnerability, yet your systems are updated to at least the February 2023 Cumulative Update (Buildnrs. listed above), you can safely disregard this email.
On the 14th of February Microsoft released an update that patched 4 CVE’s in Microsoft Exchange Server that can lead to remote code execution on vulnerable systems. After we became aware of these vulnerabilities, we created a case for it and began scanning for these vulnerabilities.
What you can do
Make sure you’re on the latest Cumulative Update for your version of Exchange Server. The following are as of writing the latest versions.
- Microsoft Exchange Server 2013: Cumulative Update 23 (Buildnr. 15.00.1497.047)
- Microsoft Exchange Server 2016: Cumulative Update 23 (Buildnr. 15.01.2507.021)
- Microsoft Exchange Server 2019: Cumulative Update 12 (Buildnr. 15.02.1118.025)
What we are doing
We are scanning for these vulnerabilities and will send out notifications to owners of vulnerable systems.
|14 Feb 2023||Patch Released by Microsoft|
|14 Feb 2023||Case Created Opened by DIVD|
|07 Mar 2023||DIVD Started the Initial Scan for this Vulnerability|
|01 May 2024||DIVD Rescanned for the Vulnerability|
|18 May 2024||DIVD Did the First Mailrun|
- CVE-2023-21710 at Microsoft
- CVE-2023-21529 at Microsoft
- CVE-2023-21706 at Microsoft
- CVE-2023-21707 at Microsoft