CATEGORIES
home News

NSA Warns Of Serious Microsoft Exchange Server Exploit, Here's How To Protect Yourself

by Paul LillyTuesday, March 10, 2020, 12:30 PM EDT
Hacking
The United States National Security Agency (NSA from here on out) is warning of a vulnerability in Microsoft Exchange Server that could allow an attacker with email credentials to launch a remote attack on a target system, enabling them to execute commands. It affects multiple versions of Microsoft Exchange Server.

"A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. The security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install," Microsoft stated in a security advisory.

Microsoft has issued a patch, and anyone running an affected version of Microsoft Exchange Server would be wise to install it. Hackers know about the vulnerability and are apparently actively exploiting the security flaw. Hence why the NSA decided to post a Twitter message reminding users that this vulnerability exists.

Lest anyone overlook this, a source as the U.S. Department of Defense (DoD) told ZDNet that hacking groups targeting this attack vector include "all the big players," though the agency stopped short of naming the groups.

This was echoed by UK cybersecurity firm Volexity, which pointed to a blog post by the Zero Day Initiative that outlined the vulnerability. It was shortly after the blog post was published that attacks in the wild began.

"Volexity has observed multiple APT actors exploiting or attempting to exploit on-premise Exchange servers. In some cases the attackers appear to have been waiting for an opportunity to strike with credentials that had otherwise been of no use. Many organizations employ two-factor authentication (2FA) to protect their VPN, e-mail, etc., limiting what an attacker can do with a compromised password. This vulnerability gives attackers the ability to gain access to a significant asset within an organization with a simple user credential or old service account. This issue further underscores why changing passwords periodically is a good best practice, regardless of security measures like 2FA," Volexity says.

So, what can you do? For one, install the available patch. Volexity also recommends to place access control list (ACL) restrictions on the ECP virtual director in IIS and/or via any web applications firewall capability—only users who specifically need access should have it. That means disabling access from the internet and restriction which IPs within an organization can reach it.

Enabling 2FA can also serve as a buffer. In addition, updating passwords periodically is recommended as well, "despite various guidance about passwords never needing to be changed."
Tags:  Microsoft, security, Hacking, (nasdaq:msft), microsoft exchange server
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment