US National Security Agency warns: Hackers are exploiting a vulnerability in Microsoft Exchange Server

The US National Security Agency and a network security company are reminding the industry that there is a remote code execution vulnerability in Microsoft Exchange Server.

Although Microsoft released a patch for CVE-2020-0688 last month, many hackers have been found exploiting the vulnerability. Exploitation has increased since security researchers published a report on the technical details of the vulnerability.

At the end of February, Simon Zuckerbraun of the Zero Day Initiative published a detailed report on the Exchange Server issue, which appears to have handed valuable information to waiting hackers.

Microsoft said the patch for the vulnerability is very important; the vulnerability affects Microsoft Exchange Server 2010, 2013, 2016 and 2019. The company describes the security issue: "When the server fails to properly create unique keys at install time, a remote code execution vulnerability exists in Microsoft Exchange Server. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM."

The US National Security Agency has posted a brief reminder about the vulnerability on Twitter:

A remote code execution vulnerability (CVE-2020-0688) exists in Microsoft Exchange Server. If unpatched, an attacker with email credentials can execute commands on your server.

Mitigation guidance is available at the following website: https://t.co/MMlBo8BsB0

Internet security company Volexity also issued a warning:

APT actors are actively exploiting Microsoft Exchange Server through the ECP vulnerability CVE-2020-0688. Learn more about the attacks and how to protect your organization here: https://t.co/fwoKvHOLaV

In its blog post, the company offers a number of recommendations to mitigate the vulnerability:

The most obvious solution to this vulnerability is to apply the security updates Microsoft provided on February 11, 2020. Another best practice that Volexity has long recommended is to place access control list (ACL) restrictions on the ECP virtual directory in IIS and Windows Server 2003, or to apply them through a web application firewall. Volexity recommends that ECP not be accessible to anyone who does not specifically need access to it. Ideally, this means disabling access from the Internet, or even limiting which IPs within the organization can access it. It is worth noting that two-factor authentication (2FA) may prevent a successful attack, because the attacker may not be able to obtain the data needed to exploit this vulnerability.

Volexity also strongly recommends expiring passwords and requiring users to update them regularly. Despite all the guidance that passwords never need to be changed, Volexity says it often works on cases in which an old password led to a serious data breach. In addition, Volexity recommends disabling accounts that are no longer needed or that have not logged in for a long time (for example, more than 90 days).
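One way to check whether the ECP restriction described above is actually in effect is to audit the IIS logs for ECP requests from addresses outside the permitted range. The following Python sketch is an added example, not code from Volexity or Microsoft; the allowed subnet, the sample log lines and the function name are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the only subnet that should reach ECP (hypothetical admin network).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-03-09 10:01:02 10.20.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0 200
2020-03-09 10:01:09 10.20.0.5 GET /ecp/default.aspx - 443 EXAMPLE\\alice 10.20.0.44 Mozilla/5.0 200
2020-03-09 10:02:30 10.20.0.5 GET /ecp/default.aspx - 443 EXAMPLE\\bob 203.0.113.7 Mozilla/5.0 200
2020-03-09 10:03:00 10.20.0.5 GET /ECP/default.aspx - 443 - 198.51.100.9 Mozilla/5.0 403
"""

def audit_ecp_access(log_text, allowed_nets=ALLOWED_NETS):
    """Return ECP requests whose client IP is outside the allowed networks."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = row.get("cs-uri-stem", "").lower()  # IIS paths are case-insensitive
        if path != "/ecp" and not path.startswith("/ecp/"):
            continue
        try:
            client = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue  # skip malformed rows
        if any(client in net for net in allowed_nets):
            continue
        status = row.get("sc-status", "")
        findings.append({
            "when": f"{row.get('date', '')} {row.get('time', '')}",
            "client": str(client),
            "user": row.get("cs-username", "-"),
            "status": status,
            # 2xx/3xx means ECP answered the request, so the ACL did not block it
            "served": status.startswith(("2", "3")),
        })
    return findings

if __name__ == "__main__":
    for f in audit_ecp_access(SAMPLE_LOG):
        print(f)
```

Any finding with `served` set to true means ECP answered a client outside the permitted range, so the ACL or WAF rule is not taking effect for that address.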

Origin www.linuxidc.com/Linux/2020-03/162559.htm