Mar 3, 2021

Public POC released for CVE-2021-24085

CVE-2021-24085 is a Microsoft Exchange Server spoofing vulnerability disclosed as part of Microsoft’s February Patch Tuesday advisories. The vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Exchange Server; successful exploitation requires authentication and user interaction (visiting a malicious page).

A public proof-of-concept exploit is available at https://github.com/sourceincite/CVE-2021-24085.

Links:

  • https://attackerkb.com/topics/taeSMPFD8J/cve-2021-24085