Attacks Targeting Recent Microsoft Exchange Flaw Ramping Up
Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates.
Tracked as CVE-2020-0688 and found in Microsoft Exchange 2010, 2013, 2016, and 2019, the issue exists because the server doesn't create unique cryptographic keys at the time of installation, which allows an authenticated attacker to trick the server into deserializing malicious ViewState data.
Specifically, the attacker needs access to the Exchange Control Panel interface and to have working credentials at hand to log in to the ECP. Over the weekend, the National Security Agency warned in a tweet of the existence of this vulnerability and the attackers' ability to run commands on unpatched servers.
Last week, Rapid7 released a module to incorporate the exploit into the Metasploit penetration testing framework, and attacks targeting vulnerable Exchange installations are beginning to ramp up, Volexity says.
The security firm says multiple adversaries are attempting to brute-force credentials by leveraging Exchange Web Services, in preparation for attacks targeting this vulnerability.
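The pattern described above, credential brute-forcing over Exchange Web Services followed by an authenticated login to the ECP, can be hunted for in IIS logs. The Python below is an added example, not code from the article or from Volexity; it assumes W3C-format logs with the fields shown, and the function names, thresholds and log lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IIS W3C log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2020-03-09 10:00:01 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-09 10:00:02 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-09 10:00:03 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-09 10:00:04 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-09 10:00:05 POST /EWS/Exchange.asmx - 203.0.113.7 401
2020-03-09 10:00:06 POST /EWS/Exchange.asmx jdoe@example.test 203.0.113.7 200
2020-03-09 10:02:10 GET /ecp/default.aspx jdoe@example.test 203.0.113.7 200
2020-03-09 10:05:00 POST /EWS/Exchange.asmx - 198.51.100.20 401
2020-03-09 10:05:01 POST /EWS/Exchange.asmx asmith@example.test 198.51.100.20 200
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"],
                                          "%Y-%m-%d %H:%M:%S")
            yield row

def find_suspects(rows, threshold=5, window=timedelta(minutes=5)):
    """Map client IP -> burst details for IPs with >= threshold EWS 401s in window."""
    fails, ecp_auth = defaultdict(list), defaultdict(list)
    for r in rows:
        path = r["cs-uri-stem"].lower()
        if path.startswith("/ews/") and r["sc-status"] == "401":
            fails[r["c-ip"]].append(r["ts"])
        elif path.startswith("/ecp/") and r["cs-username"] != "-":
            ecp_auth[r["c-ip"]].append(r["ts"])  # authenticated ECP request
    suspects = {}
    for ip, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            end = times[i + threshold - 1]
            if end - times[i] <= window:  # sliding window over sorted failures
                suspects[ip] = {"burst_end": end,
                                "ecp_after": any(t > end for t in ecp_auth[ip])}
                break
    return suspects
```

Legitimate clients also generate 401 responses during NTLM/Negotiate handshakes, so the threshold and window need tuning against a baseline of normal traffic. An IP flagged with `ecp_after` set has reached the ECP with working credentials, the precondition the article describes for exploiting CVE-2020-0688, and warrants priority review on unpatched servers.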
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server. A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8