Hackers Looking for Exchange Servers Affected by Recently Patched Flaw
2020-02-27 14:49

Hackers have started scanning the Internet for Microsoft Exchange Server instances that are affected by a remote code execution vulnerability patched earlier this month.

The issue resides in the Exchange Control Panel component and stems from Exchange Server installations having the same validationKey and decryptionKey values in web.

On Wednesday, security researcher Kevin Beaumont, who considers the vulnerability critical for enterprises that expose Exchange servers to the Internet, revealed on Twitter that hackers are mass scanning for Microsoft Exchange servers affected by the vulnerability.

ZDI also points out that, because any user within an enterprise would be allowed to authenticate to the Exchange server, an attacker needs to compromise the credentials of a single user to authenticate and exploit the vulnerability.

Microsoft released patches for Exchange Server 2010, 2013, 2016 and 2019, but Exchange Server 2007, which reached end of life in April 2017, might be affected as well.
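The condition described above, identical validationKey and decryptionKey values across installations, can be checked across a fleet from collected configuration files. The following is an added example, not code from the article or from Microsoft. It assumes the keys are attributes of the ASP.NET `machineKey` element; the host names and key values are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: host name -> collected ASP.NET configuration text.
# Key values are made-up placeholders, not real Exchange keys.
_TEMPLATE = ('<configuration><system.web>'
             '<machineKey validationKey="{v}" decryptionKey="{d}"/>'
             '</system.web></configuration>')
SAMPLE_CONFIGS = {
    "mail01": _TEMPLATE.format(v="0A1B2C3D", d="4E5F6A7B"),
    "mail02": _TEMPLATE.format(v="0a1b2c3d", d="4e5f6a7b"),  # same keys, lower case
    "mail03": _TEMPLATE.format(v="99887766", d="55443322"),  # distinct explicit keys
    "mail04": _TEMPLATE.format(v="AutoGenerate,IsolateApps", d="AutoGenerate"),
    "mail05": "<configuration><system.web/></configuration>",  # no machineKey
}


def key_fingerprint(config_xml):
    """Return a SHA-256 fingerprint of an explicit key pair, or None.

    Only the fingerprint is handled downstream, so the audit output
    never contains the key material itself.
    """
    machine_key = ET.fromstring(config_xml).find(".//machineKey")
    if machine_key is None:
        return None
    vkey = machine_key.get("validationKey", "")
    dkey = machine_key.get("decryptionKey", "")
    # "AutoGenerate" means the runtime derives per-machine keys instead of
    # reading fixed values from the file, so there is nothing to compare.
    if not vkey or not dkey:
        return None
    if vkey.lower().startswith("autogenerate") or dkey.lower().startswith("autogenerate"):
        return None
    # Hex keys are case-insensitive, so normalise before hashing.
    return hashlib.sha256(f"{vkey.upper()}|{dkey.upper()}".encode()).hexdigest()


def find_shared_keys(configs):
    """Return sorted groups of hosts whose explicit key pairs are identical."""
    groups = defaultdict(list)
    for host, xml_text in configs.items():
        fingerprint = key_fingerprint(xml_text)
        if fingerprint is not None:
            groups[fingerprint].append(host)
    return sorted(sorted(hosts) for hosts in groups.values() if len(hosts) > 1)


if __name__ == "__main__":
    for hosts in find_shared_keys(SAMPLE_CONFIGS):
        print("identical validationKey/decryptionKey on:", ", ".join(hosts))
```

Any group this reports is a set of servers sharing key material and should be prioritised for the patch.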


News URL

http://feedproxy.google.com/~r/Securityweek/~3/1kZCWIwmrOk/hackers-looking-exchange-servers-affected-recently-patched-flaw