CVE-2023-36744: 
vulnerability analysis and mitigation

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2023-36744) was discovered and reported on July 11, 2023, affecting Microsoft Exchange Server installations. The vulnerability impacts Exchange Server 2016 Cumulative Update 23 and Exchange Server 2019 Cumulative Updates 12 and 13 (ZDI Advisory).

The vulnerability stems from a deserialization flaw in the DumpDataReader class, where proper validation of user-supplied data is lacking. This security issue allows for the deserialization of untrusted data. The vulnerability has received a CVSS v3.1 base score of 8.0 (HIGH) with the vector string CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability enables remote attackers to create arbitrary files on affected Microsoft Exchange installations. The vulnerability can be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM, potentially leading to complete system compromise (ZDI Advisory).

Microsoft has released security updates to address this vulnerability. Organizations running affected versions of Exchange Server should apply the relevant updates: KB5030524 for Exchange Server 2016 CU23, Exchange Server 2019 CU12, and Exchange Server 2019 CU13 (Rapid7).