Already since February a security patch is available at Microsoft, which closes a dangerous gap in Exchange servers. Of the 350,000 systems affected according to the analysis at that time, only about 100,000 have been patched. Because the vulnerability, officially named CVE-2020-0688, has been actively exploited by cyber criminals since January 2020 and most systems are still unpatched, urgent action is needed.
Attackers exploit the vulnerability to gain access to sensitive content within an organisation using user credentials or an old service account. The explosive nature of the vulnerability and its possible consequences has prompted the US Department of Defense, among other official bodies, to warn that the gap is being exploited by "all major players", including hackers on government contracts.
A cumulative update and service pack to fix the remote code execution vulnerability in Microsoft Exchange 2010, 2013, 2016 and 2019 was made available by Microsoft on 11 February as part of the patchday. Further details can be found in Microsoft's Security Update Guide.
Is your system possibly affected, you have questions about the vulnerability? Our experts will be happy to provide you with advice and discuss the necessary steps with you.
TSO-DATA
Marvin Hitzfeld
mhitzfeld[at]tso[dot]de
+49 (541) 1395-94
