Monday, June 24, 2024
-Advertisement-
Education Sabha
Education Sabha
Education Sabha
Education Sabha
HomeNewsCyber SecurityMicrosoft Exchange Server bug target of state-sponsored hackers

Microsoft Exchange Server bug target of state-sponsored hackers

Follow Tech Observer on Google News
Google News

LONDON: London-based said that several state-sponsored hacking groups are exploiting a vulnerability in Exchange Server that the company patched in February.

The company claimed that they have identified the vulnerability — CVE-2020-0688 — exploited in the wild by advanced persistent threat (APT) actors. The vulnerability was first discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro's Zero Day Initiative.

“Two weeks after the security updates were released, the Zero Day Initiative published a blog post providing more details on the vulnerability. The post made it clear that an attacker could exploit a vulnerable Server if the three criteria are not met,” said the Volexity Threat Research team in a statement.

“The had not been patched since February 11, 2020; The Exchange Control Panel (ECP) interface was accessible to the attacker and the attacker has a working credential that allows them to access the Exchange Control Panel in order to collect the ViewState Key,” the security researchers noted.

Volexity has observed multiple APT actors exploiting or attempting to exploit on-premise Exchange servers. In some cases, the attackers appear to have been waiting for an opportunity to strike with credentials that had otherwise been of no use.

Many organisations employ two-factor authentication (2FA) to protect their VPN, e-mail, etc., limiting what an attacker can do with a compromised password.

“This vulnerability gives attackers the ability to gain access to a significant asset within an organization with a simple user credential or old service account,” said security researchers.

Volexity Has Observed Multiple Apt Actors Exploiting Or Attempting To Exploit On-Premise Exchange Servers.
Volexity has observed multiple APT actors exploiting or attempting to exploit on-premise Exchange servers. (Photo: Volexity)

This issue further underscores why changing passwords periodically is a good best practice, regardless of security measures like 2FA. Microsoft was yet to react to the Volexity report.

According to Volexity, the most obvious way to address this vulnerability is to apply the security updates made available from Microsoft on February 11, 2020. In addition, the company advised to place access control list (ACL) restrictions on the ECP virtual directory in IIS and/or via any web application firewall capability.

Cybersecurity firm said that it recommends that the ECP directory not be accessible to anyone that does not specifically need to access it. Ideally, this means disabling access from the Internet and even restricting which IPs within an organization can reach it.

Get the day's headlines from Tech Observer straight in your inbox

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
Tech Observer Desk
Tech Observer Desk
Tech Observer Desk at TechObserver.in is a team of technology reporters led by a senior editor who brings latest updates and developments from the world of technology.
- Advertisement -
Education Sabha
Education Sabha
Education Sabha
Education Sabha
- Advertisement -Education Sabha
- Advertisement -EmpowerFest 2024
- Advertisement -
- Advertisement -ESDS SAP Hana

Subscribe to our Newsletter

83000+ Industry Leaders read it everyday

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
- Advertisement -

We are seeing triple-digit growth in India: Veeam India chief Sandeep Bhambure

"We are seeing triple-digit growth in areas like SaaS workload protection and Microsoft 365 data protection,” said Sandeep Bhambure, Vice President and Managing Director, Veeam India & SAARC.

RELATED ARTICLES