Η Microsoft products recently corrected a critical remote code execution error in Microsoft Exchange Server. This error allows hackers to use accounts Exchange users to breach the system. More specifically, this error is found in the Exchange control panel (ECP), which can be used for management mailboxes, distribution teams, contacts from the mailbox and other items related to the organization level. According to research conducted by Rapid 7 with Project Sonar, more than 350.000 Exchange Servers that displayed this error were exposed to the Internet. The Project Sonar is a tool used by the security company to conduct various online surveys services and protocols to detect any errors.
The results of the research conducted by Rapid 7 with Project Sonar showed that more than 430.000 Exchange Servers were found to be connected to Internet, while at least 360.000 of them, or about 82.5%, made a mistake. The company said the remote and uncertified control however, it does not provide exact details about these data and therefore cannot be absolutely certain of the results. He also noted that the relevant update security Microsoft does not always update the build number, which leads to uncertainty. The company also said that more than 30.000 Exchange Servers of 2010 have been updated since 2012, while 800 Exchange Servers have never been updated.
Already many APT hackers attempt to exploit a remote code execution error detected on exchange email servers and recently received patches. According to Microsoft, the error was due to a vulnerability in the memory of the Microsoft Exchange, which could be used by hackers, by sending malicious messages. emails on vulnerable Exchange Servers. Microsoft has fixed it vulnerability in February 2020, advising users to make the appropriate updates to address it.