Security News > 2020 > February > Hackers Looking for Exchange Servers Affected by Recently Patched Flaw
Hackers have started scanning the Internet for Microsoft Exchange Server instances that are affected by a remote code execution vulnerability patched earlier this month.
The issue resides in the Exchange Control Panel component and consists of Exchange Server installations having the same validationKey and decryptionKey values in web.
On Wednesday, security researcher Kevin Beaumont, who considers the vulnerability critical in the case of enterprises that expose Exchange servers to the Internet, revealed on Twitter that hackers are massively scanning for Microsoft Exchange servers affected by the vulnerability.
ZDI too points out that, because any user within an enterprise would be allowed to authenticate to the Exchange server, an attacker needs to compromise the credentials of a single user to authenticate and exploit the vulnerability.
Microsoft released patches for Exchange Server 2010, 2013, 2016 and 2019, but Exchange Server 2007, which reached end of life in April 2017, might be affected as well.
News URL
Related news
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Germany warns of 17K vulnerable Microsoft Exchange servers exposed online (source)
- These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb (source)
- Week in review: Backdoor found in XZ utilities, weaponized iMessages, Exchange servers at risk (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Targus discloses cyberattack after hackers detected on file servers (source)