With static keys, an attacker who has passed authentication can make the Microsoft Exchange server deserialize malicious data sent in the __VIEWSTATE GET parameter and execute arbitrary code in the context of the Exchange management panel web application, under the SYSTEM account.
Attempts to exploit the vulnerability are detected by the Microsoft Exchange remote code execution (RCE) using validation key rule. The check is enabled by default and does not require additional configuration.
PT AF assigns the Low severity and the RCE tag to attacks detected by the Remote code execution (RCE) in Microsoft Exchange Server using validation key rule. The attack classification IDs are CVE-2020-0688 and OWASP 2010-A1.
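ASP.NET pages normally post __VIEWSTATE back in a form body, so a GET request to the management panel that carries it in the query string stands out in web server logs. The following is an added example (not PT AF's rule logic and not part of the original page) that applies this check to constructed IIS W3C log lines; the /ecp/ path prefix, the field order and all sample values are assumptions.

```python
from urllib.parse import parse_qsl

# Assumed IIS W3C field order for this constructed sample.
FIELDS = ["date", "time", "s_ip", "method", "uri_stem", "uri_query",
          "port", "username", "c_ip", "user_agent", "status"]

# Constructed log lines, not real traffic; parameter values are placeholders.
SAMPLE_LOG = r"""
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-03-01 10:00:01 10.0.0.5 GET /ecp/default.aspx - 443 CORP\alice 10.0.0.20 Mozilla/5.0 200
2020-03-01 10:00:07 10.0.0.5 POST /ecp/default.aspx - 443 CORP\alice 10.0.0.20 Mozilla/5.0 200
2020-03-01 10:02:13 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=PLACEHOLDER&__VIEWSTATE=PLACEHOLDERDATA 443 CORP\bob 10.0.0.99 curl/7.0 500
2020-03-01 10:02:40 10.0.0.5 GET /ECP/default.aspx %5f%5fviewstate=PLACEHOLDERDATA 443 CORP\dave 10.0.0.98 curl/7.0 500
2020-03-01 10:03:00 10.0.0.5 GET /owa/ - 443 CORP\carol 10.0.0.21 Mozilla/5.0 200
"""


def find_viewstate_in_get(log_text, path_prefix="/ecp/"):
    """Return GET requests under path_prefix whose query string carries __VIEWSTATE."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue  # skip directives, blank lines and malformed lines
        rec = dict(zip(FIELDS, parts))
        if rec["method"].upper() != "GET" or rec["uri_query"] == "-":
            continue
        if not rec["uri_stem"].lower().startswith(path_prefix):
            continue
        # parse_qsl percent-decodes parameter names, so %5f%5fviewstate is
        # caught as well; this code compares the name case-insensitively.
        sizes = [len(v) for k, v in parse_qsl(rec["uri_query"], keep_blank_values=True)
                 if k.upper() == "__VIEWSTATE"]
        if sizes:
            hits.append({"time": f'{rec["date"]} {rec["time"]}',
                         "user": rec["username"],  # the attack requires authentication
                         "client": rec["c_ip"],
                         "status": rec["status"],
                         "viewstate_len": sum(sizes)})
    return hits


if __name__ == "__main__":
    for hit in find_viewstate_in_get(SAMPLE_LOG):
        print(hit)
```

A match identifies the authenticated account and client address to investigate; it does not by itself confirm that code was executed.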