Microsoft Exchange Server Remote Code Execution Vulnerability [CVE-2020-16875]
CVE number – CVE-2020-16875
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.
The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.
How to get and install the update
Method 1: Microsoft Update
This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
You can get the standalone update package through the Microsoft Download Center.
Download Security Update For Exchange Server 2019 Cumulative Update 6 (KB4577352)
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.