Check your servers for a critical Microsoft Exchange vuln CVE-2019-0586

It’s now over a month since news of the critical Microsoft Exchange vulnerability CVE-2019-0586 was circulated, so by now every affected server should be patched.

As NIST NVD notes, “a remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka Microsoft Exchange Memory Corruption Vulnerability.” [1] It affects Microsoft Exchange Server and scores 10.0 under CVSS v2.0 and 9.8 under CVSS v3.0, i.e. network-reachable with no privileges and no user interaction required.

The following versions of Exchange are vulnerable:

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016 Cumulative Update 10
  • Microsoft Exchange Server 2016 Cumulative Update 11

It’s serious: the attack vector is a specially crafted email sent to the vulnerable Exchange server, so the attacker needs neither credentials nor any action from a user.

“Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.” [2]

Well worth reviewing your core enterprise systems to confirm that the Exchange security update has actually been installed on every server, not just that the cumulative update level looks right.
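The following PowerShell is an added example, not code from the original post, showing one way to audit Exchange servers for this CVE. It reads the file version of ExSetup.exe on each server, because AdminDisplayVersion from Get-ExchangeServer only reflects the cumulative update and does not change when a security update is installed. The CU base builds (15.2.221 for Exchange 2019 RTM, 15.1.1531 for 2016 CU10, 15.1.1591 for 2016 CU11) are Microsoft's published build numbers; the PatchedRevision values are deliberately left unset and must be filled in from the KB article for the January 2019 Exchange security update linked from the Microsoft advisory. The function names Get-ExSetupVersion and Test-Cve20190586 are this example's own.

```powershell
# Added example (not from the original post). Run from the Exchange Management Shell
# on a host that can reach every Exchange server via PowerShell remoting.
#
# ASSUMPTION: PatchedRevision is the ExSetup.exe revision after the January 2019
# security update. Take it from Microsoft's KB article for that update and set it
# here; until it is set, the script reports UNKNOWN rather than guessing "patched".
$AffectedLines = @(
    @{ Name = 'Exchange Server 2019 RTM';  Base = [version]'15.2.221.0';  PatchedRevision = $null }
    @{ Name = 'Exchange Server 2016 CU10'; Base = [version]'15.1.1531.0'; PatchedRevision = $null }
    @{ Name = 'Exchange Server 2016 CU11'; Base = [version]'15.1.1591.0'; PatchedRevision = $null }
)

function Get-ExSetupVersion {
    # Security updates bump the file version of ExSetup.exe; AdminDisplayVersion does not.
    param([Parameter(Mandatory)][string]$ComputerName)
    $raw = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $exsetup = Join-Path $env:ExchangeInstallPath 'Bin\ExSetup.exe'
        (Get-Item $exsetup).VersionInfo.ProductVersion   # e.g. "15.01.1591.010"
    }
    [version]$raw
}

function Test-Cve20190586 {
    # Match the CU line on major.minor.build, then compare the revision against the
    # post-patch revision for that line.
    param([Parameter(Mandatory)][version]$Build)
    foreach ($line in $AffectedLines) {
        $b = $line.Base
        if ($Build.Major -ne $b.Major -or $Build.Minor -ne $b.Minor -or $Build.Build -ne $b.Build) {
            continue
        }
        if ($null -eq $line.PatchedRevision) {
            return "$($line.Name): UNKNOWN - set PatchedRevision from the Microsoft KB article ($Build)"
        }
        if ($Build.Revision -ge $line.PatchedRevision) {
            return "$($line.Name): patched ($Build)"
        }
        return "$($line.Name): VULNERABLE ($Build)"
    }
    # Other CUs/versions are not in the affected list the advisory published for this CVE.
    return "Not in the affected list for CVE-2019-0586 ($Build); confirm against the Microsoft advisory"
}

Get-ExchangeServer | ForEach-Object {
    $v = Get-ExSetupVersion -ComputerName $_.Fqdn
    [pscustomobject]@{
        Server = $_.Name
        Build  = $v
        Status = Test-Cve20190586 -Build $v
    }
} | Format-Table -AutoSize
```

The comparison is split into two steps on purpose: the first three version fields identify the cumulative update line, and only the revision tells you whether the security update for that line is present. A server reported as "Not in the affected list" is not automatically safe; an out-of-support CU, for example, simply has no patch to check for, and should be upgraded rather than ignored.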

References

[1] NIST NVD advisory – https://nvd.nist.gov/vuln/detail/CVE-2019-0586 (also contains links to Microsoft advisory)

[2] SecurityFocus advisory – https://www.securityfocus.com/bid/106421/info