myTech.Today

ZeroDay: Remote execution and control of MS Exchange Server

Microsoft Exchange Logo

Microsoft has released a zero-day patch for all versions of the Microsoft Exchange Server.  As explained in the linked article, by examining the encryption certificate keys, a hacker is able to execute malicious code on any Exchange server via a POST to the Exchange Server's address.

CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys

February 25, 2020 | Simon Zuckerbraun

https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys

"Microsoft patched this vulnerability in February 2020 as CVE-2020-0688. According to their write-up, they addressed this vulnerability by “correcting how Microsoft Exchange creates the keys during install.” In other words, they now randomize the cryptographic keys at installation time. Microsoft rated this as Important in severity, likely because an attacker must first authenticate. It should be noted, however, that within an enterprise, most any user would be allowed to authenticate to the Exchange server. Similarly, any outside attacker who compromised the device or credentials of any enterprise user would be able to proceed to take over the Exchange server. Having accomplished this, an attacker would be positioned to divulge or falsify corporate email communications at will. Accordingly, if you’re an Exchange Server administrator, you should treat this as a Critical-rated patch and deploy it as soon as your testing is complete. Microsoft lists this with an Exploit Index of 1, which means they expect to see exploits within 30 days of the patch release. As demonstrated, that certainly seems likely."