APTs Are Exploiting CVE-2020-0688 Microsoft Exchange Server Flaw
upstart writes in with an IRC submission for SoyCow4275:
Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw:
Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688.
The experts did not provide details on the threat actors that are exploiting the vulnerability, according [to] ZDNet that cited a DOD source the attackers belong to prominent APT groups.
The CVE-2020-0688 flaw resides in the Exchange Control Panel (ECP) component, the root cause of the problem is that Exchange servers fail to properly create unique keys at install time.
"Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM." reads the advisory published by Microsoft.
A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.
Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC.
Read more of this story at SoylentNews.