CVE-2020-0692
published 2020-02-11CVE-2020-0692: An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
PriorityP345high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
3.26%
86.8th percentile
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | microsoft_exchange_server_2013 | — | — |
| microsoft | microsoft_exchange_server_2016_cumulative_update_14 | — | — |
| microsoft | microsoft_exchange_server_2016_cumulative_update_15 | — | — |
| microsoft | microsoft_exchange_server_2019_cumulative_update_3 | — | — |
| microsoft | microsoft_exchange_server_2019_cumulative_update_4 | — | — |
| msrc | microsoft_exchange_server_2010_service_pack_3 | — | — |
| msrc | microsoft_exchange_server_2013_cumulative_update_21 | — | — |
| msrc | microsoft_exchange_server_2013_cumulative_update_22 | — | — |
| msrc | microsoft_exchange_server_2013_cumulative_update_23 | — | — |
| msrc | microsoft_exchange_server_2013_service_pack_1 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_10 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_11 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_12 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_13 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_14 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_15 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_16 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_17 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_18 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_19 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_8 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_9 | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_msrc9.1CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m5g6-5m87-6crm: An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'
ghsa_unreviewed·2022-05-24
CVE-2020-0692 [MEDIUM] CWE-269 GHSA-m5g6-5m87-6crm: An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
Microsoft
Microsoft Exchange Server Remote Code Execution Vulnerability
vendor_msrc·2021-03-09·CVSS 7.8
CVE-2021-26857 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
FAQ: Is this vulnerability being used in an active attack?
Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server.
What is the target for this attack?
The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.
Where can I get more information about how to protect myself from the vulnerabilities?
Pleas
Microsoft
Microsoft Exchange Server Remote Code Execution Vulnerability
vendor_msrc·2021-03-09·CVSS 9.1
CVE-2021-26855 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
FAQ: Is this vulnerability being used in an active attack?
Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server.
What is the target for this attack?
The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.
Where can I get more information about how to protect myself from the vulnerabilities?
Pleas
Microsoft
Microsoft Exchange Server Remote Code Execution Vulnerability
vendor_msrc·2021-03-09·CVSS 7.8
CVE-2021-27065 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
FAQ: Is this vulnerability being used in an active attack?
Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server.
What is the target for this attack?
The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.
Where can I get more information about how to protect myself from the vulnerabilities?
Pleas
Microsoft
Microsoft Exchange Server Remote Code Execution Vulnerability
vendor_msrc·2021-03-09·CVSS 7.8
CVE-2021-26858 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
FAQ: Is this vulnerability being used in an active attack?
Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server.
What is the target for this attack?
The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.
Where can I get more information about how to protect myself from the vulnerabilities?
Pleas
Microsoft
Microsoft Exchange Server Elevation of Privilege Vulnerability
vendor_msrc·2020-02-11·CVSS 8.1
CVE-2020-0692 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users.
Exploitation of this vulnerability requires Exchange Web Services (EWS) to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to change parameters in the Security Access Token and forward it to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user.
To address this vulnerability, Microsoft has changed the way EWS handles these tokens.
No detection rules found.
No public exploits indexed.
Trendmicro
Patch Tuesday: Fixes for LNK, RDP, and Trident
blogs_trendmicro·2020-02-12·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for LNK, RDP, and Trident
Exploits & Vulnerabilities
# Patch Tuesday: Fixes for LNK, RDP, and Trident
February Patch Tuesday brings an even wider range of fixes than January. It addresses a total of 99 vulnerabilities — including 12 classified as Critical. Only five of the vulnerabilities were made public before the patches were released.
By: Trend Micro
2020/02/12
Read time: ( words)
Save to Folio
The first Patch Tuesday of 2020 in January brought an unusually long list of patches, but February brings an even wider range of fixes that address a total of 99 vulnerabilities — including 12 classified as Critical, with the remaining 99 deemed Important. Only five of the vulnerabilities were made public before the patches were released; one of these was rated as Critical.
New Critical vulnerabilities of note inc
Talos
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-02-11·CVSS 8.8
[HIGH] Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There are also two bugs that were not assigned a severity.
This month's patches include updates to the Windows kernel, the Windows scripting engine and Remote Desktop Procol, among other software and features. Microsoft also provided a critical advisory covering updates to Adobe Flash Player.
Talos released a new set of SNORTⓇ rules today that provide coverage for some of these vulnerabilities, which you can see here.
### Critical vulnerabilities Microsoft disclosed 12 critical vulnerabilities this mo
Talos
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-02-11·CVSS 7.5
[HIGH] Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There are also two bugs that were not assigned a severity.
This month's patches include updates to the Windows kernel, the Windows scripting engine and Remote Desktop Procol, among other software and features. Microsoft also provided a critical advisory covering updates to Adobe Flash Player.
Talos released a new set of SNORTⓇ rules today that provide coverage for some of these vulnerabilities, which you can see here
2020-02-11
Published