Attackers are actively scanning the internet for Microsoft Exchange Servers vulnerable to CVE-2020-0688, a remote code execution vulnerability patched by Microsoft two weeks ago (despite patches being made available, some organizations choose to forgo automatic updates, opting to implement them manually or not at all). The flaw is present in the Exchange Control Panel (ECP) component and is caused by Exchange's failure to create unique cryptographic keys at installation. Once exploited, it allows authenticated attackers to execute code remotely with SYSTEM privileges on the targeted server and fully compromise it. A security researcher published a demo of how to exploit the vulnerability and how to use the fixed cryptographic keys as part of an attack against an unpatched server. Scanning activity is usually followed by attacks, which could entail the delivery of ransomware and other forms of malware. The security researcher encouraged any entities that might be affected to act quickly, saying "if you’re an Exchange Server administrator, you should treat this as a Critical-rated patch and deploy it as soon as your testing is complete." Read the article at Bleeping Computer.