CVE-2020-17141: 
vulnerability analysis and mitigation

Microsoft Exchange Remote Code Execution Vulnerability (CVE-2020-17141) was disclosed in December 2020. This vulnerability affects Microsoft Exchange Server 2016 (Cumulative Update 17 and 18) and Exchange Server 2019 (Cumulative Update 6 and 7). The vulnerability is part of a group of similar vulnerabilities, being unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, and CVE-2020-17144 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.4 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H, indicating network accessibility, low attack complexity, high privileges required, and user interaction needed. The CVSS v2.0 base score is 6.0 (MEDIUM) with vector (AV:N/AC:M/Au:S/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute code remotely on affected Microsoft Exchange Server systems, potentially compromising the confidentiality, integrity, and availability of the system (NVD).

Microsoft has released security updates to address this vulnerability. The patches are available for Exchange Server 2016 (Cumulative Update 17 and 18) and Exchange Server 2019 (Cumulative Update 6 and 7) through KB4593465 (Rapid7).