Vulnerability Alert: Remote Code Execution Vulnerability in Microsoft Exchange Server(CVE-2023-28310)
Exchange Server is a suite of email service components developed by Microsoft, providing a wide range of email service functionalities. In addition to the common SMTP/POP protocol services, it also supports IMAP4, LDAP, and NNTP protocols. There are two versions of Exchange Server: Standard Edition, which includes Active Server, Network News Services, and a range of interfaces with other email systems, and Enterprise Edition, which includes all the features of the Standard Edition plus email gateways for communication with IBM OfficeVision, X.400, VM, and SNADS. Exchange Server supports mail access through web browsers.
| Vulnerability ID | CVE-2023-28310 |
|---|---|
| Vulnerability Type | Remote Code Execution (RCE) |
| Vulnerability Severity | High |
| Required Permissions | User-level privileges |
| Vendor | Microsoft Corporation |
| Release Date | 2023-06-14 |
Exchange Server 2019 Cumulative Update 12
Exchange Server 2019 Cumulative Update 11
Exchange Server 2016 Cumulative Update 23
Exchange Server 2013 Cumulative Update 23
(Note: Official updates for Exchange Server 2013 have been discontinued as of April 2023)
You can manually update the affected versions by following the link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310
If you have a functional type of issue, you can raise an issue on GitHub or in the discussion group below:
- GitHub issue: https://github.com/gobysec/Goby/issues
- Telegram Group: http://t.me/gobies (Community advantage: Stay updated with the latest information about Goby features, events, and other announcements in real-time.)
- Telegram Channel: https://t.me/joinchat/ENkApMqOonRhZjFl
- Twitter:https://twitter.com/GobySec