I’M UNDER A CYBER ATTACK

Alert

Microsoft Exchange Server

Alert 2023-07 – Public PoC for Microsoft Exchange Server Critical RCE Vulnerability

A critical vulnerability has been reported affecting Microsoft Exchange Server Mail Server named CVE-2023-36745 rated High with a CVSS score of 8.0, which may allow remote attackers to execute remote code (RCE).

This vulnerability is exploited by leveraging the Microsoft.Exchange.DxStore.Common.DxSerializationUtil.SharedTypeResolver class to bypass the default security restrictions of the .NET Framework. This class can be used to load assemblies from remote locations, which subsequently allows arbitrary code execution on the victim’s system.

An attacker could exploit the vulnerability by leveraging the gadget (Type 4) UnitySerializationHolder by deserializing untrusted data. Exploitation of this vulnerability requires the attacker to gain access to the LAN and obtain credentials for a valid Exchange user.

A Proof of Concept (PoC) exploit for Microsoft Exchange Server vulnerability CVE-2023-36745 has been published, it is recommended to take immediate corrective action.

Download PDF

WE’RE HERE TO HELP

Are you under a cyber attack?

Report it here

get the latest alerts in your inbox

Subscribe to our newsletter

We are a a group of highly trained professionals based in R&D with advanced technical knowledge and experience in the detection, analysis, containment, and recovery of security incidents.

We are a CSIRT, we are Cybolt.

I’M UNDER A CYBER ATTACK

Explore

Services

Stay updated

© 2024. Beacon Lab CSIRT, Privacy Policy

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.