Description

A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.

Remediation

Upgrade to the latest version of Microsoft Exchange Server.

References

Related Vulnerabilities