01 November 2023
A Proof-of-Concept (PoC) exploit has been published for a Microsoft Exchange Server vulnerability, identified as CVE-2023-36745, which can allow remote attackers to execute code.
The vulnerability is exploited by abusing the Microsoft.Exchange.DxStore.Common.DxSerializationUtil.SharedTypeResolver class to bypass the .NET Framework's default security restrictions on type resolution. This class can be made to load assemblies from remote locations, which in turn enables execution of arbitrary code on the victim's system.
An attacker could trigger the vulnerability through deserialization of untrusted data, using the known (Type 4) UnitySerializationHolder gadget. Exploitation requires that the attacker already has LAN access and credentials for a valid Exchange user.
Impact:
- May lead to a remote attack giving access to the victim's information and the ability to alter it.
- Successful exploitation could also cause downtime for the targeted system.
Affected Products:
- Microsoft Exchange Server 2016 Cumulative Update 23
- Microsoft Exchange Server 2019 Cumulative Update 12
- Microsoft Exchange Server 2019 Cumulative Update 13
Recommendations:
- Administrators are strongly urged to install the latest Exchange Server security updates (https://msrc.microsoft.com/update-guide) to avoid any potential security breach.
- Administrators are also advised to run the Exchange Server Health Checker (https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/) to detect common configuration issues, which are known to cause performance problems and other long-running issues that originate from a simple configuration change within an Exchange environment.
- Perform a security scan – run a FULL scan of your computer with your UPDATED anti-malware software.
- Perform a full backup periodically.
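The first recommendation above is only actionable once you know which servers are still below the fixed build. The following script is an added example, not part of the advisory and not Microsoft's own tooling. It assumes it runs in the Exchange Management Shell, where the real Get-ExchangeServer cmdlet and its AdminDisplayVersion property (Major/Minor/Build/Revision) are available. The Major.Minor.Build values identify the three affected CU lines; the Revision values, which distinguish a patched Security Update from the base CU, are PLACEHOLDERS that you must fill in from the MSRC update guide entry for CVE-2023-36745, since the advisory itself does not list them.

```powershell
# Added example (not from the advisory): report whether each Exchange server
# in the organization is at or above the minimum build for its CU line.
# Run inside the Exchange Management Shell (needs Get-ExchangeServer).

$MinimumBuilds = @(
    # Revision values are PLACEHOLDERS: replace with the fixed SU build for each CU line
    # as listed in the MSRC update guide (https://msrc.microsoft.com/update-guide).
    @{ Product = 'Exchange 2016 CU23'; Major = 15; Minor = 1; Build = 2507; Revision = 0 }
    @{ Product = 'Exchange 2019 CU12'; Major = 15; Minor = 2; Build = 1118; Revision = 0 }
    @{ Product = 'Exchange 2019 CU13'; Major = 15; Minor = 2; Build = 1258; Revision = 0 }
)

function Get-ExchangePatchStatus {
    param(
        [Parameter(Mandatory)] [array] $MinimumBuilds,
        # Optional override so the logic can be exercised with constructed objects;
        # by default the organization's servers are queried at call time.
        [array] $Servers = (Get-ExchangeServer)
    )

    foreach ($srv in $Servers) {
        $v = $srv.AdminDisplayVersion   # Microsoft.Exchange.Data.ServerVersion

        # Match the server to one of the affected CU lines on Major.Minor.Build.
        $line = $MinimumBuilds | Where-Object {
            $_.Major -eq $v.Major -and $_.Minor -eq $v.Minor -and $_.Build -eq $v.Build
        } | Select-Object -First 1

        if (-not $line) {
            # Not one of the three listed CUs: older, unsupported CUs need a CU upgrade
            # before any SU can be applied, so treat this as requiring manual review.
            $status = 'Unlisted CU: verify manually / upgrade to a supported CU'
        } elseif ($v.Revision -ge $line.Revision) {
            $status = 'Patched: at or above minimum SU build'
        } else {
            $status = 'VULNERABLE: install the latest Security Update'
        }

        [pscustomobject]@{
            Server  = $srv.Name
            Version = '{0}.{1}.{2}.{3}' -f $v.Major, $v.Minor, $v.Build, $v.Revision
            CULine  = if ($line) { $line.Product } else { 'unknown' }
            Status  = $status
        }
    }
}

# Usage in the Exchange Management Shell:
# Get-ExchangePatchStatus -MinimumBuilds $MinimumBuilds | Format-Table -AutoSize
```

The comparison is deliberately restricted to servers on one of the three affected CU lines; anything else is flagged for review rather than silently reported as safe, because a server on an older CU cannot receive the Security Update until it is first upgraded to a supported CU.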