Zero Day Initiative security researcher Simon Zuckerbraun published a demo showing how attackers can exploit a recent vulnerability in Microsoft Exchange, classified as CVE-2020-0688. The flaw was patched two weeks ago; however, attackers are actively scanning the Internet for Microsoft Exchange servers that have not been updated and are still vulnerable to this remote code execution vulnerability. This includes all server versions up to the latest patch.
The flaw lies in the Exchange Control Panel (ECP) component and is caused by Exchange’s inability to create unique cryptographic keys when installed. Zuckerbraun stated in the video that any outside attacker who compromised the credentials or device of any user would be able to completely take over the Exchange server by exploiting the vulnerability. Once that is achieved, the attacker would be able to falsify corporate email communications and more.
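Administrators can look for the non-unique key condition described above by comparing key material across the Exchange servers they run. The following is an added example, not code from Zuckerbraun or Microsoft; it assumes the keys are the `validationKey` and `decryptionKey` attributes of the ASP.NET `machineKey` element in each server's ECP `web.config`, and the host names and key values are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: host name -> web.config text (placeholder keys only).
_TEMPLATE = ('<configuration><system.web>'
             '<machineKey validationKey="{v}" decryptionKey="{d}" validation="SHA1" />'
             '</system.web></configuration>')
SAMPLE_CONFIGS = {
    "exch01": _TEMPLATE.format(v="AAAA1111", d="BBBB2222"),
    "exch02": _TEMPLATE.format(v="aaaa1111", d="BBBB2222"),  # same keys, different case
    "exch03": _TEMPLATE.format(v="AutoGenerate,IsolateApps", d="AutoGenerate,IsolateApps"),
    "exch04": _TEMPLATE.format(v="CCCC3333", d="DDDD4444"),
}
KEY_ATTRS = ("validationKey", "decryptionKey")

def explicit_keys(config_xml):
    """Return {attribute: fingerprint} for hard-coded machineKey values."""
    found = {}
    for mk in ET.fromstring(config_xml).iter("machineKey"):
        for attr in KEY_ATTRS:
            value = (mk.get(attr) or "").strip()
            # "AutoGenerate" means the runtime derives a per-machine key.
            if value and not value.lower().startswith("autogenerate"):
                # Report a truncated hash so the key itself never reaches logs.
                digest = hashlib.sha256(value.upper().encode()).hexdigest()
                found[attr] = digest[:16]
    return found

def shared_keys(configs):
    """Map (attribute, fingerprint) -> hosts for keys seen on more than one host."""
    seen = defaultdict(set)
    for host, xml_text in configs.items():
        for attr, fingerprint in explicit_keys(xml_text).items():
            seen[(attr, fingerprint)].add(host)
    return {key: sorted(hosts) for key, hosts in seen.items() if len(hosts) > 1}

def affected_hosts(configs):
    """Sorted list of hosts that share at least one hard-coded key."""
    return sorted({h for hosts in shared_keys(configs).values() for h in hosts})

if __name__ == "__main__":
    for (attr, fingerprint), hosts in sorted(shared_keys(SAMPLE_CONFIGS).items()):
        print(f"{attr} sha256:{fingerprint} shared by {', '.join(hosts)}")
```

Hosts flagged by this comparison should be checked against the vendor patch level first; a single-server deployment has nothing to compare against and needs the patch check alone.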