Attacks Targeting Recent Microsoft Exchange Flaw Ramping Up

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates.
Tracked as CVE-2020-0688 and found in Microsoft Exchange 2010, 2013, 2016, and 2019, the issue exists because the server doesn't create unique cryptographic keys at the time of installation, which allows an authenticated attacker to trick the server into deserializing malicious ViewState data.
Specifically, the attacker needs access to the Exchange Control Panel (ECP) interface and working credentials to log in to it. Over the weekend, the National Security Agency warned in a tweet of the existence of this vulnerability and of attackers' ability to run commands on unpatched servers.
Last week, Rapid7 released a module to incorporate the exploit into the Metasploit penetration testing framework, and attacks targeting vulnerable Exchange installations are beginning to ramp up, Volexity says.
The security firm says multiple adversaries are attempting to brute-force credentials by leveraging Exchange Web Services, in preparation for attacks targeting this vulnerability.
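Defenders can look for the sequence described above (repeated failed Exchange Web Services logins followed by an authenticated ECP request from the same client) in IIS logs. The following is an added example, not code from the article, Volexity or Microsoft; it assumes IIS W3C logs containing the fields shown, the `/EWS/` and `/ecp/` path prefixes, and a hypothetical threshold of 5 failures, and its sample log lines are constructed.

```python
from collections import defaultdict

# Constructed sample in IIS W3C format (documentation IPs, made-up accounts); not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2020-03-07 10:00:01 POST /EWS/Exchange.asmx - - 203.0.113.9 401
2020-03-07 10:00:02 POST /EWS/Exchange.asmx - - 203.0.113.9 401
2020-03-07 10:00:03 POST /EWS/Exchange.asmx - - 203.0.113.9 401
2020-03-07 10:00:04 POST /EWS/Exchange.asmx - - 203.0.113.9 401
2020-03-07 10:00:05 POST /EWS/Exchange.asmx - - 203.0.113.9 401
2020-03-07 10:05:00 GET /ecp/default.aspx __VIEWSTATE=PLACEHOLDER jdoe@example.test 203.0.113.9 200
2020-03-07 10:06:00 POST /EWS/Exchange.asmx - - 198.51.100.4 401
2020-03-07 10:06:01 GET /ecp/default.aspx - asmith@example.test 198.51.100.4 200
"""
THRESHOLD = 5  # assumed cut-off; NTLM handshakes also produce 401s, so tune per environment


def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))


def find_suspect_ecp_access(text, threshold=THRESHOLD):
    """Return authenticated ECP requests from IPs that first failed EWS auth >= threshold times."""
    ews_failures = defaultdict(int)
    hits = []
    for r in parse_w3c(text):
        stem, ip = r["cs-uri-stem"].lower(), r["c-ip"]
        if stem.startswith("/ews/") and r["sc-status"] == "401":
            ews_failures[ip] += 1
        elif stem.startswith("/ecp/") and r["cs-username"] != "-" and ews_failures[ip] >= threshold:
            # IIS logs omit request bodies, so ViewState is visible only when sent in the URL.
            in_url = "__viewstate=" in r["cs-uri-query"].lower()
            hits.append({"ip": ip, "user": r["cs-username"], "when": r["date"] + " " + r["time"],
                         "ews_401s": ews_failures[ip], "viewstate_in_query": in_url})
    return hits


if __name__ == "__main__":
    for hit in find_suspect_ecp_access(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review, not proof of compromise; the account named in it is the one to check for password reuse and to reset.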
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |