CVE-2020-17144
Published: 10 December 2020
Summary
CVE-2020-17144 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Exchange Server. Its CVSS base score is 8.4 (High).
Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2020-17144 is a remote code execution vulnerability in Microsoft Exchange Server stemming from deserialization of untrusted data (CWE-502). It carries a CVSS 3.1 base score of 8.4: network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability, with changed scope.
An attacker who already holds high privileges and can also induce a user interaction can exploit the flaw over the network to execute arbitrary code on affected Exchange servers.
Microsoft's security advisories at the listed MSRC URLs detail the available patches and mitigation steps, and CISA lists the CVE in its Known Exploited Vulnerabilities catalog.
The entry was published in December 2020.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-9098
Vulnerability details
Microsoft Exchange Remote Code Execution Vulnerability
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
- Directly requires timely installation of vendor patches that remediate the deserialization flaw in Exchange.
- Enforces validation of untrusted data before deserialization, blocking the root cause of arbitrary code execution.
- Restricts the high-privilege accounts required by the attacker to trigger the RCE.