Microsoft Exchange Validation Key Remote OS Command Injection Exploit Update

.NET deserialization vulnerability in the Microsoft Exchange Control Panel web page allows authenticated attackers to execute OS commands with SYSTEM privileges. The lack of randomization in the validationKey and decryptionKey values at installation allows an attacker to create a crafted viewstate to execute OS commands via .NET deserialization.
Vulnerabilty ID: 
Released Date: 
Thursday, March 12, 2020 - 19:00