
Attacks Targeting Recent Microsoft Exchange Flaw Ramping Up
2020-03-10 16:27

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates.

Tracked as CVE-2020-0688 and found in Microsoft Exchange 2010, 2013, 2016, and 2019, the issue exists because the server doesn't create unique cryptographic keys at the time of installation, which allows an authenticated attacker to trick the server into deserializing malicious ViewState data.

Specifically, the attacker needs access to the Exchange Control Panel (ECP) interface and working credentials to log in to it. Over the weekend, the National Security Agency warned in a tweet of the existence of this vulnerability and the attackers' ability to run commands on unpatched servers.

Last week, Rapid7 released a module to incorporate the exploit into the Metasploit penetration testing framework, and attacks targeting vulnerable Exchange installations are beginning to ramp up, Volexity says.

The security firm says multiple adversaries are attempting to brute-force credentials by leveraging Exchange Web Services, in preparation for attacks targeting this vulnerability.
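The sequence described above (credential guessing against Exchange Web Services, then an authenticated ECP session) can be hunted for in IIS logs. The following is an added example, not code from the article or from Volexity; the log columns, the `/EWS/` and `/ecp/` path prefixes, the threshold and the sample rows are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C format (not real traffic). The column set is an
# assumption; real logs declare theirs in the "#Fields:" header, parsed below.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2020-03-09 10:00:01 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-09 10:00:02 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-09 10:00:03 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-09 10:00:04 POST /EWS/Exchange.asmx CORP\\jdoe 203.0.113.7 200
2020-03-09 10:05:00 GET /ecp/default.aspx CORP\\jdoe 203.0.113.7 200
2020-03-09 10:06:00 POST /EWS/Exchange.asmx - 198.51.100.9 401
2020-03-09 10:06:30 GET /ecp/default.aspx CORP\\asmith 192.0.2.20 200
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def triage(rows, threshold=20):
    """Return {client_ip: verdict} for clients with repeated EWS auth failures."""
    # NTLM/Negotiate handshakes produce legitimate 401s, so the threshold
    # (an assumed default) has to be tuned against normal client behaviour.
    failures = Counter()
    verdict = {}
    for r in rows:  # rows are processed in log (time) order
        ip, stem = r["c-ip"], r["cs-uri-stem"].lower()
        if stem.startswith("/ews/") and r["sc-status"] == "401":
            failures[ip] += 1
            if failures[ip] >= threshold:
                verdict.setdefault(ip, "ews-bruteforce")
        elif (stem.startswith("/ecp/") and r["cs-username"] != "-"
              and r["sc-status"].startswith("2") and failures[ip] >= threshold):
            verdict[ip] = "ews-bruteforce-then-ecp-login"  # escalate: patch status matters now
    return verdict

if __name__ == "__main__":
    print(triage(parse_w3c(SAMPLE_LOG), threshold=3))
```

A client that reaches the second verdict on a server without the February 2020 update is the case to investigate first.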


News URL

http://feedproxy.google.com/~r/Securityweek/~3/16GFM5MfOqU/attacks-targeting-recent-microsoft-exchange-flaw-ramping

Related Vulnerability

Date: 2020-02-11
CVE: CVE-2020-0688
Vulnerability title: Improper Authentication vulnerability in Microsoft Exchange Server
Description: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Tags: network, low complexity, microsoft, CWE-287
Risk: 8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5128 264 7775