Command and Control
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka ‘Microsoft Exchange Server Remote Code Execution Vulnerability’. Note: As of January 12, 2021, the patch for CVE-2020-16875 has been bypassed twice. See CVE-2020-17132 for details.