SoylentNews is people

posted by Fnord666 on Monday March 16 2020, @09:58AM
from the another-hole-in-the-wall dept.

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw:

Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688.

The experts did not provide details on the threat actors that are exploiting the vulnerability; according to ZDNet, which cited a DOD source, the attackers belong to prominent APT groups.

The CVE-2020-0688 flaw resides in the Exchange Control Panel (ECP) component; the root cause of the problem is that Exchange servers fail to properly create unique keys at install time.

"Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM," reads the advisory published by Microsoft.

A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.

Security expert Simon Zuckerbraun of Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 flaw, along with a video PoC.
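An added illustration, not taken from the article, Microsoft or Volexity: a defender-side audit for the root cause described above, keys that are not unique per install. It assumes the key in question is the ASP.NET `<machineKey validationKey="...">` attribute in a web.config file, which the article does not state; the host names and key values are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

def _cfg(inner):
    # Helper that wraps a constructed element in a minimal web.config skeleton.
    return f"<configuration><system.web>{inner}</system.web></configuration>"

# Constructed sample input: host names and key values are made up.
SAMPLE_CONFIGS = {
    "mail-a.example": _cfg('<machineKey validationKey="AB12CD34EF56" validation="SHA1"/>'),
    "mail-b.example": _cfg('<machineKey validationKey="ab12cd34ef56" validation="SHA1"/>'),
    "mail-c.example": _cfg('<machineKey validationKey="AutoGenerate,IsolateApps"/>'),
    "mail-d.example": _cfg('<machineKey validationKey="0099FFEE7788" validation="SHA1"/>'),
    "mail-e.example": _cfg('<compilation debug="false"/>'),
}

def validation_key(web_config_xml):
    """Return the validationKey of the first <machineKey>, or None if absent."""
    root = ET.fromstring(web_config_xml)
    node = next(root.iter("machineKey"), None)
    return None if node is None else node.get("validationKey")

def audit(configs):
    """configs maps host -> web.config text.
    Returns (hosts with a literal key, {fingerprint: hosts sharing that key})."""
    static_hosts = []
    by_fingerprint = defaultdict(list)
    for host, xml_text in sorted(configs.items()):
        key = validation_key(xml_text)
        # A missing attribute or an "AutoGenerate..." value means ASP.NET derives
        # a per-machine key; anything else is a literal stored in the file.
        if key is None or key.strip().upper().startswith("AUTOGENERATE"):
            continue
        static_hosts.append(host)
        # Hex keys are case-insensitive. Compare a truncated SHA-256 fingerprint
        # so the key itself never appears in a report or log.
        normalized = key.strip().upper().encode()
        by_fingerprint[hashlib.sha256(normalized).hexdigest()[:16]].append(host)
    shared = {fp: hosts for fp, hosts in by_fingerprint.items() if len(hosts) > 1}
    return static_hosts, shared

if __name__ == "__main__":
    static_hosts, shared = audit(SAMPLE_CONFIGS)
    print("literal validationKey on:", static_hosts)
    for fp, hosts in shared.items():
        print(f"same key (fingerprint {fp}) on:", hosts)
```

A key fingerprint that appears on more than one host, or that matches across unrelated installations, is the condition the advisory describes.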


  • (Score: 3, Interesting) by inertnet on Monday March 16 2020, @12:41PM (4 children)

    Funny that Office 365 appears to prefer WIFI over a LAN connection. I recently brought a corporate laptop from a client with Office 365 on it home, connected it to my LAN but it wouldn't connect. I then tried my WIFI and it happily connected to all the business Office thingies.

  • (Score: 4, Interesting) by ledow on Monday March 16 2020, @01:38PM (3 children)

    Exchange/Outlook does not like not having a default gateway specified on an interface.

    For years it's been just silently failing when you don't have a default gateway, and gives spurious error messages that don't hint at that being the problem.

    Check your Ethernet interface is being given, or has a static, default gateway IP.

    • (Score: 0) by Anonymous Coward on Monday March 16 2020, @02:35PM (2 children)

      that's just... stupid..

      • (Score: 1, Interesting) by Anonymous Coward on Tuesday March 17 2020, @01:10AM

        It is stupid for a program that is the center of your corporate communications and the network stack to not send every packet to a default address regardless of the network you are on? Sounds like a smart thing to do to me.

      • (Score: 2) by ledow on Wednesday March 18 2020, @04:10PM

        Not telling you in the error message: Stupid, I agree.
        Blindly trying to talk out to all your subnets and the wider Internet without caring whether your default gateway is in place: Not stupid.

        Many things just don't work without a default gateway, especially on VLANned, subnetted corporate networks. It's not TELLING the user that's a possibility that's the problem.