According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution? The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call. According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be authenticated. Why are there new updates associated with this CVE? We are re-releasing this CVE to inform customers that there are new updates to install for this vulnerability. A small subset of customers were experiencing problems with Exchange Web Services due to the updates that were released in February. The new updates address these problems. Customers who are experiencing issues with the February updates are encouraged to install the March Exchange Server updates listed in the Security Updates table.
Maturity: Exploit
<a href="https://twitter.com/testanull">Nguyễn Tiến Giang (Jang)</a> with <a href="https://twitter.com/starlabs_sg">STAR Labs SG Pte. Ltd.</a>