
Microsoft Exchange Vulnerability Has Been Targeted by Government-Backed Hackers

Security firm Volexity has confirmed a Microsoft Exchange bug has been exploited by several groups associated with governments.


Security researchers have disclosed information about an attack that exploits a vulnerability in Microsoft Exchange. UK cyber-security company Volexity says several hacking groups have targeted the flaw, which has already been patched by Microsoft. Interestingly, the firm says the groups are government-backed hackers.

However, Volexity did not disclose which groups it believes are perpetrating the exploit. The company also did not expand on details.

Instead, the Department of Defense (DoD) confirmed the attacks to ZDNet and said the groups are “all the big players”.

The vulnerability in question is located in Microsoft Exchange and labeled as CVE-2020-0688. Below is how Microsoft describes the flaw in its official security posting:

“A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.”

It is worth noting Microsoft rolled out a fix for this vulnerability during last month's Patch Tuesday on February 11. Redmond believed the bug could be exploited, so it urged users and admins to update as soon as possible.

Many people seemingly did not heed that warning, and attacks have been happening since the back end of February. Three proof-of-concepts have been found on GitHub [1, 2, 3] and hackers have now targeted the zero-day.

Exploit

Volexity points out the real attacks have started, although exploiting the Microsoft Exchange vulnerability is not easy. The company says only high-level hackers would be able to exploit the flaw because credentials for an Exchange server email account are needed.

Many organizations employ two-factor authentication (2FA) to protect their VPN, e-mail, etc., limiting what an attacker can do with a compromised password.

Several mitigations are offered by the security company. Firstly, users should obviously update to the patch Microsoft issued a month ago. However, Volexity also says admins need to start expiring passwords and demanding users update their passwords regularly.

Source: Volexity
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.
