Security News > 2020 > February > Attackers probing for vulnerable Microsoft Exchange Servers, is yours one of them?
CVE-2020-0688, a remote code execution bug in Microsoft Exchange Server that has been squashed by Microsoft in early February, is ripe for exploitation and could become a vector for ransomware groups in coming months, warns cybersecurity researcher Kevin Beaumont.
Organizations running on-premise Exchange - any supported version up until the recent patch - would do well to patch as soon as possible, as scanning for vulnerable internet-facing servers has already begun.
CVE-2020-0688, initially classified by Microsoft as a memory corruption vulnerability turned out to be caused by Exchange Server failing to properly create unique cryptographic keys at the time of installation.
Microsoft Exchange remote code execution using IIS, simple ascii web request to code execution as SYSTEM on all versions of Exchange using internet interface🚨 Needs authentication, I'll explain why not a big hurdle in thread. https://t.
Having SYSTEM access to an Exchange Server and running Mimikatz could also give attackers access to plain-text user passwords, Beaumont noted.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/eEoAb92vnIk/
Related news
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft re-releases Exchange updates after fixing mail delivery (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |