Sunday, February 21, 22:53
Home security Thousands of Microsoft Exchange servers are vulnerable to RCE vulnerabilities

Thousands of Microsoft Exchange servers are vulnerable to RCE vulnerabilities

Microsoft Exchange servers

More than 247.000 Microsoft Exchange servers need to be informed to deal with vulnerability CVE-2020-0688, which allows remote code execution (RCE) and affects all Exchange Server versions.

RCE Vulnerability CVE-2020-0688 is located at Exchange Control Panel (ECP) component - which is enabled by default - and can be used by attackers who want to take control of vulnerable Exchange servers through valid e-mail credentials.

Η Microsoft fixed the vulnerability in the Patch Tuesday of February 2020 and had informed them users that this is a vulnerability very attractive to them hackers.

In March, both the CISA As well as the NSA urged organizations and companies to update their Microsoft Exchange servers as soon as possible, as many APT groups were already beginning to exploit the vulnerability.

61% of servers that are vulnerable have not been fixed

The number of exposed Microsoft Exchange servers is very large. 61,10% (247,986 out of 405,873 in total) of vulnerable servers are still exposed to ongoing attacks.

Security researchers Rapid7 found that 87% of 138.000 Exchange 2016 servers and 77% of approximately 25.000 Exchange 2019 servers were exposed to vulnerability CVE-2020-0688.

Also vulnerable, according to Rapid7, are 16.577 Exchange 2007 servers accessible via the Internet. This is a version that is no longer supported, so it has not received any updates security.

Users must update Microsoft Exchange servers

IT staff and system administrators should update Exchange servers and check for signs violation.

According to Bleeping Computer, Microsoft has stressed that there is no alternative way to mitigate the risk associated with CVE-2020-0688 vulnerability. All users can do to protect themselves is to install the updates.

In the table below, there are links that lead to updates security for vulnerable versions of Microsoft Exchange Server:

ProductArticleDownload
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 304536989Security Update
Microsoft Exchange Server 2013 Cumulative Update 234536988Security Update
Microsoft Exchange Server 2016 Cumulative Update 144536987Security Update
Microsoft Exchange Server 2016 Cumulative Update 154536987Security Update
Microsoft Exchange Server 2019 Cumulative Update 34536987Security Update
Microsoft Exchange Server 2019 Cumulative Update 44536987Security Update

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...