This particular threat would probably be nothing to write home about by now had all organizations with vulnerable servers patched as Microsoft had recommended. According to a Tweet by the NSA, a hacker only needs valid email credentials to execute code on an unpatched server, remotely.

Mitigation Guidance available at: https://t.co/MMlBo8BsB0 — NSA/CSS (@NSAGov) March 7, 2020

APT actors are actively breaching unpatched servers

News of a large-scale scan for unpatched MS Exchange servers surfaced on February 25, 2020. At that time, there was no single report of a successful server breach. But a cybersecurity organization, Zero Day Initiative, had already published a proof-of-concept video, demonstrating how to execute a remote CVE-2020-0688 attack. Now it looks like the search for exposed internet-facing servers has borne fruits to the agony of several organizations caught unawares. According to multiple reports, including a Tweet by a cybersecurity firm, there is active exploitation of Microsoft Exchange servers.

— Volexity (@Volexity) March 6, 2020 What is even more alarming is the involvement of Advanced Persistent Threat (APT) actors in the entire scheme. Typically, APT groups are states or state-sponsored entities. They are known to have the tech and the financial muscle to stealthily attack some of the most heavily guarded corporate IT networks or resources. Microsoft rated the severity of the CVE-2020-0688 vulnerability as important almost a month ago. However, the RCE loophole must still merit serious consideration today, seeing as the NSA is reminding the tech world about it.

Affected MS Exchange servers

Be sure to patch ASAP to forestall a potential disaster if you are still running an unpatched internet-facing MS Exchange server. There are security updates for the affected server versions 2010, 2013, 2016, and 2019. When releasing the updates, Microsoft said that the vulnerability in question compromised the ability of the server to generate validation keys properly during installation. An attacker could exploit that loophole and execute malicious code in an exposed system, remotely. Most cybersecurity researchers believe that breaching an IT system this way may pave the way for denial of service (DDoS) attacks. Microsoft has not acknowledged receiving reports of such a breach, though. For now, it appears that installing the patch is the only available remedy for the CVE-2020-0688 server vulnerability.    

Name * Email * Commenting as . Not you? Save information for future comments
Comment

Δ