8 April 2020

Over 350,000 Microsoft Exchange servers remain vulnerable to critical bug

Over 350,000 Microsoft Exchange servers are still exposed to a critical remote code execution flaw (CVE-2020-0688), even though Microsoft addressed the bug nearly two months ago.

The vulnerability in question resides in the Exchange Control Panel (ECP) component. The root cause is that Exchange servers fail to generate unique cryptographic keys at install time. A remote, authenticated attacker could exploit CVE-2020-0688 to execute arbitrary code with SYSTEM privileges on the server and take full control of it.

An internet-wide scan conducted by Rapid7 researchers revealed that at least 357,629 (82.5%) of the 433,464 observed Exchange servers are still vulnerable.

Furthermore, the research showed that over 31,000 Exchange 2010 servers have not been updated since 2012, nearly 800 Exchange 2010 servers have never been updated, and there are concerning numbers of Exchange 2007 servers (10,731) and Exchange 2010 servers (more than 166,000) still in use. The former version is no longer supported, and the latter will reach end of support on October 13, 2020.

As the researchers pointed out, Exchange 2007 is not affected by CVE-2020-0688, but if it were, it would not have been fixed, since that version is out of support.

“There are two important efforts that Exchange administrators and InfoSec teams need to make: verify the deployment of the update and look for signs of compromise. The update for CVE-2020-0688 needs to be installed on any server with the Exchange Control Panel (ECP) enabled. This will typically be servers with the Client Access Server (CAS) role, which is where your users would access Outlook Web App (OWA),” Rapid7 Labs senior manager Tom Sellers explained.
