Microsoft Exchange Server Privilege Escalation Vulnerability

Vulnerability

A vulnerability allowing unauthorized privilege escalation has been identified in Microsoft Exchange Server. The issue arises from an incorrect implementation of the authentication algorithm, which could enable an attacker to elevate privileges locally. Exploitation of this vulnerability would allow an attacker to take control of the mailboxes of all Exchange users, including the ability to read emails and download attachments.

Impact

Successful exploitation of this vulnerability would allow an attacker to gain elevated privileges, enabling them to take over the mailboxes of all Exchange users and access their emails and attachments.

Remediation

Users can apply the security update for Microsoft Exchange Server 2016 Cumulative Update 23, Exchange Server Subscription Edition RTM, Exchange Server 2019 Cumulative Update 14, or Exchange Server 2019 Cumulative Update 15. Security update download links are available on the Microsoft Update Catalog.

Added: Oct 14, 2025, 5:20 PM
Updated: Oct 14, 2025, 10:02 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 5.0
exploitability: 3.8
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.