CVE-2020-24085 is a Microsoft Exchange Server spoofing vulnerability released as part of Microsoft’s February Patch Tuesday advisories. The vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Exchange Server; successful exploitation requires authentication and user interaction (visiting a malicious page).
A public proof-of-concept exploit is available, at https://github.com/sourceincite/CVE-2021-24085.
Links:
- https://attackerkb.com/topics/taeSMPFD8J/cve-2021-24085