Tuesday, January 21, 2025

Multiple APT Actors Exploiting Microsoft Exchange Email Servers Vulnerability to Take Over the Server


Multiple APT actors are attempting to exploit a recently patched remote code execution vulnerability in Microsoft Exchange Server. The vulnerability is tracked as CVE-2020-0688 and affects every version supported at the time of disclosure: Exchange Server 2010 SP3, 2013, 2016 and 2019.

The bug resides in the Exchange Control Panel (ECP) component, the web-based administrative interface used to manage mailboxes, distribution groups and contacts at the mailbox level, and several other objects at the organization level.

Attackers Exploiting CVE-2020-0688

The vulnerability allows an attacker to take over an Exchange server with nothing more than one set of valid credentials for a user that has a mailbox, for example a phished employee account or a forgotten service account. Administrative rights are not required.

https://twitter.com/GossiTheDog/status/1232372452648521728

Security researchers at Volexity observed multiple threat actor groups brute-forcing credentials through Exchange Web Services (EWS) and then using the accounts they obtained to exploit the vulnerability.

Microsoft's advisory initially described the bug as a memory corruption issue that could be triggered by a crafted email sent to a vulnerable server. That description was later corrected: the root cause is that the server fails to create unique cryptographic keys at install time, and exploitation requires an authenticated HTTP request to the ECP web application, not an email.

The flaw is that the ECP component does not generate unique keys at install time: the ASP.NET machineKey values that protect ViewState in the ECP web.config are identical on every Exchange installation.

“Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.”

“The nature of the bug is quite simple. Instead of having randomly-generated keys on a per-installation basis, all installations of Microsoft Exchange Server have the same validation key and decryption key values in the web.config,” reads the Zero Day Initiative (ZDI) advisory.
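To make the ZDI description concrete, here is an added example (not code from the article, from ZDI or from Microsoft) that models the trust relationship behind ASP.NET ViewState protection: the server attaches an HMAC computed with validationKey, and deserializes only if the HMAC verifies. The real Exchange key value, the real __VIEWSTATEGENERATOR and the real ViewState framing are deliberately not reproduced; SHARED_KEY, MODIFIER and the payload string are placeholders for the demonstration.

```python
import base64
import hashlib
import hmac
import os

# Simplified model of ASP.NET ViewState MAC protection (validation="SHA1"):
#   tag = HMAC-SHA1(validationKey, serialized_state || modifier)
# where the modifier is derived from the page (the __VIEWSTATEGENERATOR value).
# Real ViewState uses ObjectStateFormatter/LOSFormatter framing; only the trust
# relationship between key and tag matters for this demonstration.

# Placeholder standing in for "a key every installation shares and the attacker has
# already read from web.config on a box they control". It is an assumption for the
# demo, NOT the real Exchange value.
SHARED_KEY = bytes(range(24))
MODIFIER = b"00000000"  # hypothetical __VIEWSTATEGENERATOR, not the real one


def protect(state: bytes, modifier: bytes, validation_key: bytes) -> bytes:
    """Server side: append a MAC so that tampered ViewState is rejected."""
    tag = hmac.new(validation_key, state + modifier, hashlib.sha1).digest()
    return base64.b64encode(state + tag)


def verify(blob: bytes, modifier: bytes, validation_key: bytes):
    """Server side: return the state if the MAC is valid, otherwise None.
    (Real ASP.NET raises ViewStateException and never deserializes.)"""
    raw = base64.b64decode(blob)
    if len(raw) < 20:
        return None
    state, tag = raw[:-20], raw[-20:]
    expected = hmac.new(validation_key, state + modifier, hashlib.sha1).digest()
    return state if hmac.compare_digest(tag, expected) else None


def forged_viewstate_accepted(keys_shared_across_installs: bool) -> bool:
    """Attacker MACs a chosen payload with the key from their own install and submits
    it to the victim. Returns True if the victim would go on to deserialize it."""
    victim_key = SHARED_KEY if keys_shared_across_installs else os.urandom(24)
    attacker_key = SHARED_KEY
    # Constructed stand-in for a serialized gadget chain; the article shows none and
    # none is needed to illustrate the MAC bypass.
    payload = b"<attacker-controlled serialized object graph>"
    forged = protect(payload, MODIFIER, attacker_key)
    return verify(forged, MODIFIER, victim_key) is not None


def tampering_detected(validation_key: bytes) -> bool:
    """Sanity check: flipping one byte of MAC-protected state fails verification."""
    raw = bytearray(base64.b64decode(protect(b"legit", MODIFIER, validation_key)))
    raw[0] ^= 0xFF
    return verify(base64.b64encode(bytes(raw)), MODIFIER, validation_key) is None


if __name__ == "__main__":
    print("shared key, forged ViewState accepted:", forged_viewstate_accepted(True))   # True
    print("unique key, forged ViewState accepted:", forged_viewstate_accepted(False))  # False
```

The MAC itself is sound; what breaks it is key management. With a per-installation random key the attacker's forged blob fails verification on the victim, with the shared key it passes and the server proceeds to deserialize attacker-controlled data as SYSTEM.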

Once code execution as SYSTEM is obtained, an attacker can place malicious files and tools anywhere on the server. In the intrusions observed, attacks mostly began with a web shell dropped on the Exchange server, which gives persistent access independent of the credential originally used.
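Because the exploit is delivered as an authenticated request to the ECP application, the IIS W3C logs on the Exchange server (by default under inetpub\logs\LogFiles\) are the first place to look. The following added example (editor's code, not from the article or from Volexity) flags requests to /ecp/ that carry __VIEWSTATE in the query string; a browser submits ViewState in a POST body, so its appearance in cs-uri-query is a strong heuristic. The log lines, the user names, IP addresses and the __VIEWSTATEGENERATOR value are constructed for the example.

```python
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended log format (not real data). The parser reads the
# #Fields: header instead of assuming a field order, since IIS sites differ.
SAMPLE_IIS_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-02-26 09:14:02 10.0.0.5 GET /owa/ - 443 CONTOSO\\alice 192.0.2.10 Mozilla/5.0 200
2020-02-26 09:14:30 10.0.0.5 POST /ecp/default.aspx - 443 CONTOSO\\alice 192.0.2.10 Mozilla/5.0 200
2020-02-26 09:15:11 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=deadbeef&__VIEWSTATE=%2FwEyAAAAAAAAAAAAAA%3D%3D 443 CONTOSO\\svc-backup 198.51.100.7 python-requests/2.22.0 500
2020-02-26 09:15:12 10.0.0.5 GET /ecp/DDI/DDIService.svc/GetList - 443 CONTOSO\\alice 192.0.2.10 Mozilla/5.0 200
"""


def parse_w3c(text: str):
    """Yield one dict per data line, keyed by the names in the #Fields: header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        if fields is None:
            raise ValueError("data line before #Fields: header")
        values = line.split(" ", len(fields) - 1)
        if len(values) != len(fields):
            continue  # malformed line; skip rather than misattribute columns
        yield dict(zip(fields, values))


def find_ecp_viewstate_abuse(text: str):
    """Return records of /ecp/ requests whose query string carries __VIEWSTATE.

    ViewState is normally sent in a POST form body; in the query string of a GET
    it is a hallmark of CVE-2020-0688 exploitation attempts. sc-status 500 often
    accompanies a successful deserialization but is not required for a hit.
    """
    hits = []
    for rec in parse_w3c(text):
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "-")
        if not stem.startswith("/ecp/") or query == "-":
            continue
        params = parse_qs(query, keep_blank_values=True)
        if "__VIEWSTATE" in params:
            hits.append({
                "time": f"{rec['date']} {rec['time']}",
                "method": rec.get("cs-method"),
                "user": rec.get("cs-username"),
                "client": rec.get("c-ip"),
                "status": rec.get("sc-status"),
                "generator": params.get("__VIEWSTATEGENERATOR", [None])[0],
            })
    return hits


if __name__ == "__main__":
    for hit in find_ecp_viewstate_abuse(SAMPLE_IIS_LOG):
        print(hit)
```

Run it over the real W3SVC logs for the relevant date range. Every hit names the account that authenticated, which is the account to reset and the starting point for tracing how its password was obtained, and the source IP, which should also be checked against EWS authentication failures from the brute-forcing phase.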

Microsoft patched the vulnerability in its February 2020 security updates for Exchange Server 2010 SP3, 2013, 2016 and 2019; the update gives each installation its own unique keys. Administrators who have not yet applied it should do so immediately. A server that was exposed while unpatched should be treated as potentially compromised and reviewed for web shells and unexpected files, since applying the patch does not remove anything an attacker already planted.

Users are also advised to rotate credentials regularly and to enable two-factor authentication. The caveat is that exploitation needs only one valid credential, so 2FA helps mainly by making a stolen or brute-forced password unusable, and 2FA enforced only on Outlook Web App does not stop password brute-forcing against EWS, which typically accepts basic or NTLM authentication without a second factor. Credential hygiene narrows the attack surface but is no substitute for the patch.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
