Security News > 2020 > March > Attacks Targeting Recent Microsoft Exchange Flaw Ramping Up

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates.

Tracked as CVE-2020-0688 and found in Microsoft Exchange 2010, 2013, 2016, and 2019, the issue exists because the server doesn't create unique cryptographic keys at the time of installation, which allows an authenticated attacker to trick the server into deserializing malicious ViewState data.

Specifically, the attacker needs access to the Exchange Control Panel interface and to have working credentials at hand to log in to the ECP. Over the weekend, the National Security Agency warned in a tweet of the existence of this vulnerability and the attackers' ability to run commands on unpatched servers.

Last week, Rapid7 released a module to incorporate the exploit into the Metasploit penetration testing framework, and attacks targeting vulnerable Exchange installations are beginning to ramp up, Volexity says.

The security firm says multiple adversaries are attempting to brute-force credentials by leveraging Exchange Web Services, in preparation for attacks targeting this vulnerability.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/16GFM5MfOqU/attacks-targeting-recent-microsoft-exchange-flaw-ramping