“An attacker can execute arbitrary .Net code on the server…”
A important stability flaw influencing each and every single supported version of Microsoft Exchange Server leaves attackers capable to “divulge or falsify corporate email communications at will”, Development Micro’s Zero Working day Initiative (ZDI) warned this 7 days.
Specifics of how to exploit the vulnerability – reported to ZDI by an anonymous stability researcher – are now community, indicating negative actors are very likely to be working on assaults dependent on the strategy. Microsoft is warning that the bug will be exploited in the following thirty times if admins have not patched their methods. Hundreds of thousands are very likely impacted.
Mass scanning for the vulnerability has reportedly commenced now.
CVE-2020-0688 mass scanning exercise has begun. Question our API for “tags=CVE-2020-0688” to find hosts conducting scans. #threatintel
— Negative Packets Report (@negative_packets) February twenty five, 2020