Microsoft patched around 99 important/critical vulnerabilities in their most recent February Patch Tuesday. Among those vulnerabilities was a critical vulnerability (CVE-2020-0688) affecting all versions of Microsoft Exchange, which allows attackers to remotely execute code through ViewState. ViewState is server-side data that ASP.NET web applications store in serialized form on the client. The vulnerability to ViewState stems from the fact that instead of generating unique validationKey and decryptionKey values during install, all versions of Exchange leading up to this patch had the same key values. These keys are used to provide security to ViewState. By leveraging these static keys, as well as any user account that can log into an Exchange server, attackers can remotely execute code with the same level of privileges that the Exchange server runs at–which is System.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in