image credit: freepick
Hackers have started scanning the Internet for Microsoft Exchange Server instances that are affected by a remote code execution vulnerability patched earlier this month.
Tracked as CVE-2020-0688, the security flaw exists when the server fails to properly create unique cryptographic keys at the time of installation.
The issue resides in the Exchange Control Panel (ECP) component and consists of Exchange Server installations having the same validationKey and decryptionKey values in web.config, instead of using randomly-generated keys, Zero Day Initiative (ZDI) security researchers explain.
Comments are closed.
