Critical unpatched flaw in 80% of Exposed Microsoft Exchange Servers

According to a survey by Rapid7, there are 350,000 Microsoft Exchange servers exposed on the Internet that are vulnerable to CVE-2020-0688, a post-authentication remote code execution vulnerability affecting all Microsoft Exchange servers.

The vulnerability is in the Exchange Control Panel (ECP), which is enabled by default, and it allows attackers to take control of vulnerable Microsoft Exchange servers.

Microsoft patched this critical RCE flaw in its February update. On March 4, the well-known cybersecurity firm Rapid7 added a new MS Exchange RCE module to its Metasploit framework, alongside multiple proof-of-concept exploits on GitHub.

After that, the NSA and CISA urged organizations to patch CVE-2020-0688, as many APT hackers have started exploiting it in the wild.

80% of the Servers Not Patched

On March 24, Rapid7 started a survey with its Project Sonar and found that approximately 357,629 (82.5%) of the 433,464 servers scanned were vulnerable to CVE-2020-0688.

They also found that the problem is not limited to servers missing the CVE-2020-0688 patch: about 31,000 Exchange 2010 servers have not been patched since 2012.

There are two important efforts that Exchange Administrators and infosec teams need to undertake: verifying deployment of the update and checking for signs of compromise.

Rapid7 Labs senior manager Tom Sellers

Patch and Check for Compromise for CVE-2020-0688

Exchange servers can be checked for compromise by reviewing the Windows Event and IIS logs.

User accounts compromised and used in attacks against Exchange servers can be discovered by checking Windows Event and IIS logs for portions of encoded payloads including either the “Invalid viewstate” text or the __VIEWSTATE and __VIEWSTATEGENERATOR string for requests to a path under /ecp.

BleepingComputer

But the most important step is applying the patch for CVE-2020-0688. The most reliable way to confirm that the patch has been applied is to check with patch management software.
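
The IIS log check described above can be scripted. The following is an added example, not code from Rapid7, BleepingComputer or this article's author; it assumes IIS W3C extended logging with the cs-uri-stem, cs-uri-query and cs-username fields enabled, and the log lines and names in it are constructed samples.

```python
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not real log data).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2020-03-25 10:01:12 198.51.100.7 alice@corp.example GET /ecp/default.aspx - 200
2020-03-25 10:02:40 203.0.113.9 bob@corp.example GET /ecp/default.aspx __VIEWSTATEGENERATOR=CONSTRUCTED&__VIEWSTATE=CONSTRUCTED 500
2020-03-25 10:03:05 198.51.100.7 alice@corp.example GET /owa/ __VIEWSTATE=x&__VIEWSTATEGENERATOR=y 200
2020-03-25 10:04:18 203.0.113.9 bob@corp.example GET /ECP/default.aspx %5F%5FVIEWSTATE=CONSTRUCTED&__viewstategenerator=CONSTRUCTED 500
"""

# Both strings named in the article must appear as query parameters.
MARKERS = ("__viewstate=", "__viewstategenerator=")
KEEP = ("date", "time", "c-ip", "cs-username", "cs-uri-stem")

def find_suspect_requests(lines):
    """Return requests under /ecp whose query string carries both markers."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        # Percent-decode and lowercase so encoded or re-cased names still match.
        query = unquote(row.get("cs-uri-query", "")).lower()
        under_ecp = stem == "/ecp" or stem.startswith("/ecp/")
        if under_ecp and all(m in query for m in MARKERS):
            hits.append({k: row.get(k, "-") for k in KEEP})
    return hits

def accounts_to_review(hits):
    """Authenticated usernames seen on flagged requests, de-duplicated."""
    return sorted({h["cs-username"] for h in hits if h["cs-username"] != "-"})

if __name__ == "__main__":
    flagged = find_suspect_requests(SAMPLE_LOG.splitlines())
    for h in flagged:
        print(h["date"], h["time"], h["c-ip"], h["cs-username"], h["cs-uri-stem"])
    print("accounts to review:", accounts_to_review(flagged))
```

IIS logs record only the query string, not request bodies, so this check complements rather than replaces the Windows Event log search for the "Invalid viewstate" text.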

Satender Kumar
