virus logo Intrusion Prevention

MS.Exchange.PS.GenericSidIdentity.Insecure.Deserialization

description-logoDescription

This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in Microsoft Exchange Server.
The vulnerability is due to improper validation of objects in the PowerShell Remoting feature. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution under the security context of SYSTEM.

affected-products-logoAffected Products

Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-06-27 24.590 Default_action:pass:drop
2023-05-24 23.561
ID 52982
Created May 17, 2023
Updated Jun 26, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2023-21707
Exploit Prediction Score 4.86%
Default Action drop
Active
Affected OS Windows
Affected App MS_Exchange