Mass scanning for the CVE-2020-0688 vulnerability underway  

When the folks at Zero Day Initiative published a demo of the MS Exchange Server remote code execution (RCE) vulnerability, which they had learned about from an anonymous researcher, they just wanted to educate users. After all, Microsoft had already issued a patch to address the bug. But hackers had other ideas. Shortly after the information entered the public domain, they kicked off a large-scale search for unpatched Exchange Servers on the web, according to multiple reports.

— Kevin Beaumont (@GossiTheDog) February 25, 2020

— Bad Packets Report (@bad_packets) February 25, 2020

Such bad actors do not usually scan for cyber vulnerabilities for the sake of it. If their ongoing search yields something, they are certainly going to try to exploit the CVE-2020-0688 loophole. There are no reports of a successful CVE-2020-0688 exploit by ill-intentioned individuals so far. Hopefully, you will have secured your server by the time hackers have it in their crosshairs.

What is the CVE-2020-0688 bug?

According to Microsoft, CVE-2020-0688 is an RCE vulnerability in which the Exchange Server fails to properly generate unique keys during installation. Cryptographic keys are at the heart of the security of any data or IT system. Because the keys are not unique, hackers who get hold of them in a CVE-2020-0688 exploit can take control of the Exchange Server. Microsoft rates the severity of the threat as important rather than critical, though. Maybe this is because an attacker would still require authentication to make use of the validation keys. A determined hacker may still be able to obtain security credentials by other means, such as phishing, after which they could comfortably launch a CVE-2020-0688 attack. Keep in mind that not all cybersecurity violations originate from nefarious players living in a basement hideout or a foreign country. The threats can also come from internal actors with valid authentication. Hackers once took advantage of a similar loophole, PrivExchange, to obtain MS Exchange Server's admin rights.
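A defensive check for the non-unique key condition described above, as an added example that is not from the original article or from Microsoft. It assumes you have collected each server's ASP.NET `web.config` and compares the `validationKey` of the `machineKey` element across hosts; the host names and key values are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: web.config fragments keyed by hypothetical hosts.
# The key values are made-up placeholders, not real Exchange keys.
_TEMPLATE = ('<configuration><system.web>'
             '<machineKey validationKey="{key}" validation="SHA1"/>'
             '</system.web></configuration>')
SAMPLE_CONFIGS = {
    "exch01.example.test": _TEMPLATE.format(key="0123ABCD0123ABCD"),
    "exch02.example.test": _TEMPLATE.format(key="0123abcd0123abcd"),
    "exch03.example.test": _TEMPLATE.format(key="FEDC9876FEDC9876"),
    "web01.example.test": _TEMPLATE.format(key="AutoGenerate,IsolateApps"),
}

def validation_key(config_xml):
    """Return the static validationKey (upper-cased hex), or None when the
    machineKey element is absent or the key is auto-generated per machine."""
    root = ET.fromstring(config_xml)
    node = next(root.iter("machineKey"), None)
    if node is None:
        return None
    key = node.get("validationKey", "").strip()
    if not key or key.upper().startswith("AUTOGENERATE"):
        return None
    return key.upper()

def fingerprint(key):
    """Short SHA-256 fingerprint so reports never contain the key itself."""
    return hashlib.sha256(key.encode("ascii")).hexdigest()[:16]

def shared_keys(configs):
    """Map key fingerprint -> hosts, for static keys seen on 2+ hosts."""
    groups = defaultdict(list)
    for host, xml_text in configs.items():
        key = validation_key(xml_text)
        if key is not None:
            groups[fingerprint(key)].append(host)
    return {fp: sorted(h) for fp, h in groups.items() if len(h) > 1}

if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE_CONFIGS).items():
        print(f"validationKey {fp} is shared by: {', '.join(hosts)}")
```

Any group it reports means those servers validate data with the same static key, so each listed host should be confirmed as patched.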
