Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday March 16 2020, @09:58AM   Printer-friendly
from the another-hole-in-the-wall dept.

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw:

Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688.

The experts did not provide details on the threat actors that are exploiting the vulnerability, according [to] ZDNet that cited a DOD source the attackers belong to prominent APT groups.

The CVE-2020-0688 flaw resides in the Exchange Control Panel (ECP) component, the root cause of the problem is that Exchange servers fail to properly create unique keys at install time.

"Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM." reads the advisory published by Microsoft.

A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday March 16 2020, @02:35PM (2 children)

    by Anonymous Coward on Monday March 16 2020, @02:35PM (#971883)

    that's just... stupid..

  • (Score: 1, Interesting) by Anonymous Coward on Tuesday March 17 2020, @01:10AM

    by Anonymous Coward on Tuesday March 17 2020, @01:10AM (#972065)

    It is stupid for a program that it the center of your corporate communications and the network stack to not send every packet to a default address regardless of the network you are on? Sounds like a smart thing to do to me.

  • (Score: 2) by ledow on Wednesday March 18 2020, @04:10PM

    by ledow (5567) on Wednesday March 18 2020, @04:10PM (#972794) Homepage

    Not telling you in the error message: Stupid, I agree.
    Blindly trying to talk out to all your subnets and the wider Internet without caring whether your default gateway is in place: Not stupid.

    Many things just don't work without a default gateway, especially on VLANned, subnetted corporate networks. It's not TELLING the user that's a possibility that's the problem.