Why is Attack Complexity marked as High for this vulnerability? A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in execution against the vulnerable component before a successful attack can be expected. For this vulnerability, a successful exploitation requires an attacker to win a race condition. Are there any more actions I need to take to be protected from this vulnerability? Yes. Customers running an affected version of Microsoft Exchange need to enable Extended Protection to be protected from this vulnerability. For more information, see Exchange Server Support for Windows Extended Protection. Is there more information available about this release of Exchange Server? For more information on this issue, please see The Exchange Blog. According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be authenticated. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.
<a href="https://twitter.com/D1iv3">Tianze Ding(@D1iv3)</a> with Tencent Security Xuanwu Lab