Security researchers have disclosed details of an attack that exploits a vulnerability in Microsoft Exchange. UK cyber-security company Volexity says several hacking groups have targeted the flaw, which has already been patched by Microsoft. Interestingly, the firm says the groups are government-backed hackers. However, Volexity did not disclose which groups it believes are carrying out the attacks. The company also did not expand on details. Instead, the Department of Defense (DoD) confirmed the attacks to ZDNet and said the hacking groups are “all the big players”.

The vulnerability in question is located in Microsoft Exchange and is labeled CVE-2020-0688. Below is how Microsoft describes the flaw in its official security posting:

“A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.”

It is worth noting that Microsoft rolled out a fix for this vulnerability during last month's Patch Tuesday on February 11. Redmond believed the bug could be exploited, so it urged users and admins to update as soon as possible. Many people seemingly did not heed that warning, and attacks have been happening since the back end of February. Three proof-of-concepts have been found on GitHub [1, 2, 3] and hackers have now targeted the zero-day.
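The advisory's root cause is a key that is not unique per install. As an added example (not code from Microsoft, Volexity or the original article), the audit below compares the `validationKey` of collected `web.config` files and reports servers that share one. It assumes the key lives in the standard ASP.NET `machineKey` element; host names and key values are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: web.config fragments gathered from four servers.
# Host names and key values are made up for this example.
_TEMPLATE = ('<configuration><system.web><machineKey validationKey="{}" '
             'validation="SHA1" /></system.web></configuration>')
SAMPLE_CONFIGS = {
    "exch01": _TEMPLATE.format("0123ABCD0123ABCD"),
    "exch02": _TEMPLATE.format("0123abcd0123abcd"),   # same key, other case
    "exch03": _TEMPLATE.format("FEDC9876FEDC9876"),
    "exch04": _TEMPLATE.format("AutoGenerate,IsolateApps"),
}

def read_validation_key(xml_text):
    """Return the machineKey validationKey attribute, or None if absent."""
    root = ET.fromstring(xml_text)
    node = next(root.iter("machineKey"), None)
    return None if node is None else node.get("validationKey")

def is_auto_generated(key):
    """ASP.NET generates the key itself when the value starts with AutoGenerate."""
    return key.split(",")[0].strip().lower() == "autogenerate"

def fingerprint(key):
    """Short SHA-256 tag so the report never contains the secret itself."""
    return hashlib.sha256(key.upper().encode("ascii")).hexdigest()[:12]

def find_shared_keys(configs):
    """Map the fingerprint of every explicit key used by 2+ hosts to those hosts."""
    hosts_by_key = defaultdict(list)
    for host, xml_text in configs.items():
        key = read_validation_key(xml_text)
        if key is None or is_auto_generated(key):
            continue
        hosts_by_key[fingerprint(key)].append(host)
    return {fp: sorted(h) for fp, h in hosts_by_key.items() if len(h) > 1}

if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE_CONFIGS).items():
        print(f"validationKey {fp} is shared by: {', '.join(hosts)}")
```

A comparison like this only finds keys repeated inside the set of files it is given; a lone server still needs the February 11 update to be covered.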
Microsoft Exchange Vulnerability Has Been Targeted by Government-Backed Hackers
Security firm Volexity has confirmed a Microsoft Exchange bug has been exploited by several groups associated with governments.