Threat Watch

Share on facebook
Share on twitter
Share on linkedin

Flaw in Exchange Allows Attackers to Easily Execute Code:

Microsoft patched around 99 important/critical vulnerabilities in their most recent February Patch Tuesday. Among those vulnerabilities was a critical vulnerability (CVE-2020-0688) affecting all versions of Microsoft Exchange, which allows attackers to remotely execute code through ViewState.  ViewState is server-side data that ASP.NET web applications store in serialized form on the client. The vulnerability to ViewState stems from the fact that instead of generating unique validationKey and decryptionKey values during install, all versions of Exchange leading up to this patch had the same key values. These keys are used to provide security to ViewState. By leveraging these static keys, as well as any user account that can log into an Exchange server, attackers can remotely execute code with the same level of privileges that the Exchange server runs at–which is System.

ANALYST NOTES

While Binary Defense understands that some businesses may not be able to update all systems to the latest Security Patch due to broken dependencies, Binary Defense recommends patching any vulnerable Exchange server with the Security Updates listed here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 . Additionally, Binary Defense recommends rotating all validationKey and decryptionKeys used by the Exchange Server. https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys

Contact Support

Please complete the form below and a member of our support team will respond as quickly as possible.