Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw:
Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688.
The experts did not provide details on the threat actors that are exploiting the vulnerability, according [to] ZDNet that cited a DOD source the attackers belong to prominent APT groups.
The CVE-2020-0688 flaw resides in the Exchange Control Panel (ECP) component, the root cause of the problem is that Exchange servers fail to properly create unique keys at install time.
"Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM." reads the advisory published by Microsoft.
A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.
Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC.
(Score: 3, Interesting) by inertnet on Monday March 16 2020, @12:41PM (4 children)
Funny that Office 365 appears to prefer WIFI over a LAN connection. I recently brought corporate laptop from a client with Office 365 on it home, connected it to my LAN but it wouldn't connect. I then tried my WIFI and it happily connected to all the business Office thingies.
(Score: 4, Interesting) by ledow on Monday March 16 2020, @01:38PM (3 children)
Exchange/Outlook does not like not having a default gateway specified on an interface.
For years it's been just silently failing when you don't have a default gateway, and gives spurious error messages that don't hint at that being the problem.
Check your Ethernet interface is being given, or has a static, default gateway IP.
(Score: 0) by Anonymous Coward on Monday March 16 2020, @02:35PM (2 children)
that's just... stupid..
(Score: 1, Interesting) by Anonymous Coward on Tuesday March 17 2020, @01:10AM
It is stupid for a program that it the center of your corporate communications and the network stack to not send every packet to a default address regardless of the network you are on? Sounds like a smart thing to do to me.
(Score: 2) by ledow on Wednesday March 18 2020, @04:10PM
Not telling you in the error message: Stupid, I agree.
Blindly trying to talk out to all your subnets and the wider Internet without caring whether your default gateway is in place: Not stupid.
Many things just don't work without a default gateway, especially on VLANned, subnetted corporate networks. It's not TELLING the user that's a possibility that's the problem.