UK cyber-security firm Volexity on Friday spotted the first exploitation attempts against Microsoft Exchange email servers. The bug is in the Exchange Control Panel (ECP) component. Microsoft patched the vulnerability, tracked as CVE-2020-0688, last month in the February 2020 Patch Tuesday.
Attackers can take full control over the servers
CVE-2020-0688 is caused by Microsoft Exchange servers failing to create a unique cryptographic key for the Exchange control panel during installation. This enables attackers to send malformed requests containing malicious serialized data to the Exchange control panel. The malicious code runs with SYSTEM privileges, so attackers can take full control of the servers. The patch closes the hole by correcting how the keys are created.
Two weeks after the patch was released and the Zero-Day Initiative technical report about the bug went live, attackers began scanning the Internet for potentially vulnerable Exchange servers. Applying the security fix is the only way to protect against attackers who aim to exploit the CVE-2020-0688 Exchange bug.
Volexity said that the scans for Exchange servers have turned into actual attacks. The company recommends “placing access control list (ACL) restrictions on the ECP virtual directory in IIS and/or via any web application firewall capability.”
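One way to check what an ACL on the ECP virtual directory would block, or is failing to block, added here as an example and not taken from Volexity or Microsoft: the Python script below reads IIS W3C logs and lists requests to /ecp from clients outside an allow-list. The allow-list networks, the function names and the sample log lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: networks permitted to reach /ecp (constructed values, adjust to your ACL).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "127.0.0.0/8")]

# Constructed sample in IIS W3C extended log format (documentation-range addresses).
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-03-01 09:12:01 10.20.0.5 GET /ecp/default.aspx - 443 admin1 10.20.0.44 Mozilla/5.0 200
2020-03-01 09:14:37 10.20.0.5 GET /owa/auth/logon.aspx - 443 - 198.51.100.23 Mozilla/5.0 200
2020-03-01 09:15:02 10.20.0.5 GET /ecp/default.aspx - 443 user7 198.51.100.23 Mozilla/5.0 200
2020-03-01 09:15:09 10.20.0.5 POST /ECP/default.aspx - 443 user7 198.51.100.23 Mozilla/5.0 500
2020-03-01 09:20:44 10.20.0.5 GET /ecp/ - 443 - 203.0.113.9 - 302
"""

def is_allowed(ip_text):
    """True if the client address falls inside one of ALLOWED_NETS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client address: treat as outside the ACL
    return any(ip in net for net in ALLOWED_NETS)

def ecp_requests_outside_acl(log_text):
    """Return (client_ip, method, uri, status) for each /ecp hit from outside the allow-list."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        uri = row.get("cs-uri-stem", "").lower()  # IIS paths are case-insensitive
        if uri != "/ecp" and not uri.startswith("/ecp/"):
            continue
        client = row.get("c-ip", "")
        if not is_allowed(client):
            hits.append((client, row.get("cs-method"), uri, row.get("sc-status")))
    return hits

def summarize(hits):
    """Count offending requests per client address."""
    return Counter(ip for ip, *_ in hits)

if __name__ == "__main__":
    for ip, n in summarize(ecp_requests_outside_acl(SAMPLE_LOG)).most_common():
        print(f"{ip}: {n} request(s) to /ecp from outside the allow-list")
```

Any hit with a non-403 status after the ACL is in place means the restriction is not being applied to that path.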