CVE-2023-21764: 
vulnerability analysis and mitigation

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2023-21764) was disclosed and published on January 10, 2023. This vulnerability affects Microsoft Exchange Server 2016 Cumulative Update 23 and Exchange Server 2019 Cumulative Updates 11 and 12 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability at a high level. The vulnerability is classified under CWE-426 (Untrusted Search Path) (NVD).

If successfully exploited, this vulnerability could allow an attacker to elevate their privileges on affected Microsoft Exchange Server systems, potentially gaining high-level access to confidentiality, integrity, and availability of the server (MSRC).

Microsoft has released security updates to address this vulnerability. Affected users should apply the January 2023 security updates for Microsoft Exchange Server. The update is available through Microsoft Update or can be downloaded from the Microsoft Update Catalog (Microsoft Support).