Microsoft released a fix for a remote code execution vulnerability in Microsoft Exchange (CVE-2020-0688). The vulnerability exists because Exchange fails to create unique cryptographic keys at installation time, leading to all Exchange servers using the same “validationKey” and “decryptionKey” values.
Knowledge of the validation key allows an authenticated user with a mailbox on the server to pass arbitrary objects to be deserialized by the web application, which runs as “SYSTEM”, leading to remote code execution with the highest privileges.
On February 25th 2020, Zero Day Initiative released a blog post detailing how to exploit the vulnerability. Any user with an account on an Exchange server can easily exploit the remote code execution vulnerability.
Some researchers point out that scanning for vulnerable Exchange servers is ongoing.
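To check a fleet for the shared-key condition described above, the following added example (not from Microsoft or Zero Day Initiative) compares fingerprints of statically configured keys across hosts. It assumes the keys sit in a standard ASP.NET `<machineKey>` element of each server's web.config; the host names and key strings are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample configs; key strings are placeholders, not real Exchange values.
_STATIC = ('<configuration><system.web><machineKey '
           'validationKey="PLACEHOLDER-VALIDATION-KEY" '
           'decryptionKey="PLACEHOLDER-DECRYPTION-KEY" validation="SHA1" />'
           '</system.web></configuration>')
SAMPLE_CONFIGS = {
    "mail01": _STATIC,
    "mail02": _STATIC,  # same static keys as mail01
    "web03": ('<configuration><system.web><machineKey '
              'validationKey="AutoGenerate,IsolateApps" '
              'decryptionKey="AutoGenerate,IsolateApps" />'
              '</system.web></configuration>'),
    "web04": '<configuration><system.web /></configuration>',  # no machineKey at all
}

def key_fingerprints(config_xml):
    """Return {attribute: fingerprint} for statically configured machineKey values."""
    found = {}
    for mk in ET.fromstring(config_xml).iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "").strip()
            # Absent or AutoGenerate: the key is generated per machine, not hard-coded.
            if not value or value.lower().startswith("autogenerate"):
                continue
            # Report a short hash so the key itself never lands in a report or log.
            digest = hashlib.sha256(value.upper().encode()).hexdigest()
            found[attr] = digest[:16]
    return found

def shared_static_keys(configs):
    """Map (attribute, fingerprint) -> sorted hosts for keys seen on two or more hosts."""
    seen = defaultdict(set)
    for host, xml_text in configs.items():
        for attr, fp in key_fingerprints(xml_text).items():
            seen[(attr, fp)].add(host)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (attr, fp), hosts in sorted(shared_static_keys(SAMPLE_CONFIGS).items()):
        print(f"{attr} fingerprint {fp} is identical on: {', '.join(hosts)}")
```

Any key reported here is shared by more than one server, so a party who learns it from one installation holds it for all of them.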