Microsoft Exchange Validation Key Remote OS Command Injection Exploit

.NET deserialization vulnerability in the Microsoft Exchange Control Panel web page allows authenticated attackers to execute OS commands with SYSTEM privileges. The lack of randomization in the validationKey and decryptionKey values at installation allows an attacker to create a crafted viewstate to execute OS commands via .NET deserialization.
Platform: 
Vulnerabilty ID: 
CVE-2020-0688
Released Date: 
Sunday, March 8, 2020 - 19:00