As part of their Patch Tuesday schedule, Microsoft recently released updates for a remote code execution vulnerability affecting Exchange 2010, 2013, 2016 and 2019 (CVE-2020-0688). Two weeks after a patch was released, Trend Micro’s Zero Day Initiative released a blog post with more even more details, including the conditions needed to exploit the vulnerability. According to the cybersecurity company Volexity, multiple APT actors have begun exploiting or attempting to exploit on-premise installations of Exchange servers. Volexity also stated that actors appeared to use previously stolen credentials in some of the attacks.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that