Alerts and Advisories 1 November 2023

Microsoft Exchange Server RCE Flaw (CVE-2023-36745)

Advisory

Advisory
01 November 2023

 

Background

A Proof-of-Concept (PoC) exploit has been published for a Microsoft Exchange Server vulnerability, identified as CVE-2023-36745, which can allow remote attackers to execute code.

This vulnerability is exploited by leveraging the Microsoft.Exchange.DxStore.Common.DxSerializationUtil.SharedTypeResolver class to evade the .NET Framework’s default security restrictions. This class can be employed to load assemblies from remote locations, subsequently enabling the execution of arbitrary code on the victim’s system.

An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that the attacker gain LAN-access as well as obtain credentials for a valid Exchange user.

 

Impact

  • May lead to a remote attack which would enable access to the victim’s information and the ability to alter information.
  • Successful exploitation could also potentially cause downtime for the targeted system.

 

System Affected

  • Microsoft Exchange Server 2016 Cumulative Update 23
  • Microsoft Exchange Server 2019 Cumulative Update 12
  • Microsoft Exchange Server 2019 Cumulative Update 13

 

Recommendations

  • Administrators are strongly urged to install and apply patch to the latest Exchange Server security updates (https://msrc.microsoft.com/update-guide) to avoid any potential security breaches.
  • Administrators are also recommended to install the Exchange Server Health Checker (https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/) to detect common configuration issues that are known to cause performance issues and other long running issues that are caused by a simple configuration change within an Exchange Environment
  • Perform a security scan – run a FULL scan of your computer with your UPDATED anti-malware software.
  • Perform a full backup occasionally.

Note:

 

References

https://securityonline.info/microsoft-exchange-server-rce-cve-2023-36745-flaw-gets-poc-exploit/
https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-release-of-new-exchange-server-cves-resolved-by/ba-p/3924063
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745
https://vulnera.com/newswire/microsoft-exchange-server-vulnerability-poc-exploit-for-cve-2023-36745-published/