ALERT: CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server

An easy to use exploit, have been discovered for Exchange 2010, 2013, 2016 and 2019, patch now.

If you have a login for a normal user, you can execute code on the server as “SYSTEM” account through Exchange Control Panel (ECP)!:

Read more and see video:

https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys

Microsoft patch:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close