Attacks Targeting Recent Microsoft Exchange Flaw Ramping Up (March 2020)

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates.
Tracked as CVE-2020-0688 and found in Microsoft Exchange 2010, 2013, 2016, and 2019, the issue exists because the server doesn't create unique cryptographic keys at the time of installation, which allows an authenticated attacker to trick the server into deserializing malicious ViewState data.
Specifically, the attacker needs access to the Exchange Control Panel (ECP) interface and working credentials to log in to it. Over the weekend, the National Security Agency warned in a tweet of the existence of this vulnerability and the attackers' ability to run commands on unpatched servers.
Last week, Rapid7 released a module to incorporate the exploit into the Metasploit penetration testing framework, and attacks targeting vulnerable Exchange installations are beginning to ramp up, Volexity says.
The security firm says multiple adversaries are attempting to brute-force credentials by leveraging Exchange Web Services, in preparation for attacks targeting this vulnerability.
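The pattern described above (repeated failed logins against Exchange Web Services, then a successful login and a visit to the ECP) can be searched for in IIS logs. The following Python is an added example, not code from the article or from Volexity; the log lines are constructed, and the `/EWS/` and `/ecp/` path prefixes, the reduced W3C field set and the threshold of 5 failures are assumptions to adjust for a real server.

```python
from collections import defaultdict

# Constructed IIS W3C log sample (documentation IP ranges, made-up accounts).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2020-03-07 10:00:01 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-07 10:00:02 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-07 10:00:03 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-07 10:00:04 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-07 10:00:05 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-07 10:00:06 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-07 10:00:07 POST /EWS/Exchange.asmx CORP\\svc-scan 203.0.113.7 200
2020-03-07 10:02:30 GET /ecp/default.aspx CORP\\svc-scan 203.0.113.7 200
2020-03-07 10:05:00 POST /EWS/Exchange.asmx - 198.51.100.20 401
2020-03-07 10:05:00 POST /EWS/Exchange.asmx CORP\\alice 198.51.100.20 200
2020-03-07 10:06:00 GET /ecp/default.aspx CORP\\alice 198.51.100.20 200
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def find_ews_bruteforce(text, min_failures=5):
    """Return {client_ip: finding} for IPs with >= min_failures 401s on /EWS/."""
    # NTLM/Negotiate handshakes also log 401s, so keep the threshold above client noise.
    state = defaultdict(lambda: dict(failures=0, success_after=False, ecp_after=False))
    for req in parse_w3c(text):
        path = req["cs-uri-stem"].lower()
        s = state[req["c-ip"]]
        if path.startswith("/ews/"):
            if req["sc-status"] == "401":
                s["failures"] += 1
            elif req["sc-status"] == "200" and s["failures"] >= min_failures:
                s["success_after"] = True   # a guess may have worked
        elif path.startswith("/ecp/") and s["success_after"]:
            s["ecp_after"] = True           # same source then reached the ECP
    return {ip: s for ip, s in state.items() if s["failures"] >= min_failures}

if __name__ == "__main__":
    print(find_ews_bruteforce(SAMPLE_LOG))
```

A source with `ecp_after` set is the highest-priority finding: the account it authenticated as should be reset and the server's patch level for CVE-2020-0688 confirmed.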
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |