CVE-2019-1373

Description

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.

Affected products

• Microsoft / Microsoft Exchange Server 2013Cumulative Update 23 – Cumulative Update 23
• Microsoft / Microsoft Exchange Server 2016Cumulative Update 13 – Cumulative Update 13
• Microsoft / Microsoft Exchange Server 2016 Cumulative Update 14unspecified – unspecified
• Microsoft / Microsoft Exchange Server 2019Cumulative Update 2 – Cumulative Update 2
• Microsoft / Microsoft Exchange Server 2019 Cumulative Update 3unspecified – unspecified

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373