Attention Exchange Server administrators: cyber criminals are currently scanning the Internet for unpatched Exchange installations in order to exploit the vulnerability CVE-2020-0688.
I have to bring the issue up again because there is a new threat level. I had already pointed out the problem in the 2018 blog post Vulnerability in Exchange Server 2010-2019. The vulnerability CVE-2020-0688 affects Exchange versions 2010 to 2019. An exploit for this vulnerability has been known since January 2020, and updates that close the vulnerability have been available since February 11, 2020.
The vulnerability CVE-2020-0688 is a Microsoft Exchange Validation Key Remote Code Execution vulnerability described in this Microsoft document dated February 11, 2020.
The vulnerability, which can be exploited for remote code execution, exists in Microsoft Exchange Server if the server is unable to create unique (cryptographic) keys during installation.
Knowing a validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the Web application, which runs as SYSTEM. Simon Zuckerbraun from the Zero Day Initiative published this blog post on February 25, 2020 with some explanations. Tenable also has this post on the topic.
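The non-unique key condition described above can be checked from the defender's side. The following is an added example, not code from the original post or from Microsoft; it assumes the key is set as a literal `validationKey` on ASP.NET's `<machineKey>` element in `web.config` files collected from independent installations, and all host names and key values are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: web.config fragments collected from four
# independent installations. Host names and key values are made up.
_TEMPLATE = ('<configuration><system.web>'
             '<machineKey validationKey="{}" validation="SHA1" />'
             '</system.web></configuration>')
SAMPLE_CONFIGS = {
    "mail01.example.test": _TEMPLATE.format("0A1B2C3D4E5F60718293A4B5C6D7E8F901234567"),
    "mail02.example.test": _TEMPLATE.format("0a1b2c3d4e5f60718293a4b5c6d7e8f901234567"),
    "mail03.example.test": _TEMPLATE.format("AutoGenerate,IsolateApps"),
    "mail04.example.test": _TEMPLATE.format("FFEEDDCCBBAA99887766554433221100FFEEDDCC"),
}

def read_validation_key(config_xml):
    """Return the validationKey attribute of <machineKey>, or None if absent."""
    node = next(ET.fromstring(config_xml).iter("machineKey"), None)
    return None if node is None else node.get("validationKey")

def audit(configs):
    """Classify each host's validation key without ever printing the key."""
    hosts_by_key = defaultdict(list)
    findings = {}
    for host in sorted(configs):
        key = read_validation_key(configs[host])
        # A missing element means ASP.NET falls back to its AutoGenerate default.
        if key is None or key.strip().upper().startswith("AUTOGENERATE"):
            findings[host] = "auto-generated"
        else:
            # Hex keys are case-insensitive, so normalise before comparing.
            hosts_by_key[key.strip().upper()].append(host)
    for hosts in hosts_by_key.values():
        for host in hosts:
            others = [h for h in hosts if h != host]
            findings[host] = ("SHARED with " + ", ".join(others)
                              if others else "unique literal key")
    return findings

if __name__ == "__main__":
    for host, finding in sorted(audit(SAMPLE_CONFIGS).items()):
        print(f"{host}: {finding}")
```

Servers in the same load-balanced farm share a key by design, so a SHARED finding is only meaningful between installations that were set up independently.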
Security Updates from Feb. 11, 2020
Microsoft released a security update on February 11, 2020. It fixes the vulnerability by correcting the way Microsoft Exchange creates the keys during installation. Here are the available updates, which are classified as important:
- Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30: KB4536989
- Microsoft Exchange Server 2013 Cumulative Update 23: KB4536988
- Microsoft Exchange Server 2016 Cumulative Update 14: KB4536987
- Microsoft Exchange Server 2016 Cumulative Update 15: KB4536987
- Microsoft Exchange Server 2019 Cumulative Update 3: KB4536987
- Microsoft Exchange Server 2019 Cumulative Update 4: KB4536987
So the required security updates are now available and can be installed. Bleeping Computer had already pointed out in the following tweet a few hours ago that hackers are scanning the Internet for unpatched Exchange installations.
— BleepingComputer (@BleepinComputer) February 26, 2020
This English-language article also points out the increasing danger of attacks.