home.aspx
 
. https://secrutiny.com/2019/01/remote-code-execution-vulnerabilities-in-microsoft/
blog article
MICROSOFT EXCHANGE SERVER VULNERABLE TO EXPLOIT FROM A SIMPLE EMAIL
The remote code execution vulnerabilities (CVE-2019-0547 and CVE-2019-0586), according to Microsoft, exist in Microsoft Exchange software when the software fails to properly handle objects in memory. They can be exploited by merely sending an email to a vulnerable server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the system user. The hacker could then install programs; view, change or delete data; or create new accounts. Vulnerability, CVE-2019-0547, has been given Microsoft’s highest Exploit Index rating, meaning the bug is highly exploitable. Receiving emails is a large part of what Exchange is and if not fixed, can be detrimental to your company’s network. Failed exploit attempts can result in denial-of-service conditions. The technology giant’s update focuses on the vulnerability by correcting how Microsoft Exchange handles the objects in memory. READ MORE