“The bug allows authenticated attackers remotely execute arbitrary code with SYSTEM privileges and completely compromise the vulnerable server”, – describe the problem Microsoft experts.ĭemonstration of the problem with using static cryptographic keys on an unpatched server has already been published by Zero Day Initiative (see video below). The problem is related to the operation of the Exchange Control Panel (ECP) component and the inability of Microsoft Exchange to create unique cryptographic keys during installation. Information security experts warn that hackers are already scanning the network for Microsoft Exchange servers that are vulnerable to CVE-2020-0688, which Microsoft developers fixed two weeks ago.
0 kommentar(er)
