How could an attacker exploit this vulnerability? For the vulnerability to be exploited, the attacker would need to be authenticated as a valid exchange user. What privileges could be gained by an attacker who successfully exploited the vulnerability? An authenticated attacker could gain remote code execution rights on the server mailbox backend as NT AUTHORITY\SYSTEM. According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. Are there any more actions I need to take to be protected from this vulnerability? Yes. Customers running an affected version of Microsoft Exchange need to download the November 2023 Security Update and ensure the Serialized Data Signing feature is enabled to be protected from this vulnerability. Disabling certificate signing of Powershell serialization payloads makes your server vulnerable to known Exchange vulnerabilities and weakens protection against unknown threats. We recommend leaving this feature enabled.
m4yfly with TianGong Team of Legendsec at Qi'anxin Group