Login

Register

Login

Register


The US National Security Agency (NSA) has taken to Twitter to warn followers of a vulnerability in Microsoft Exchange Servers.

“A remote code execution vulnerability (CVE-2020-0688) exists in Microsoft Exchange Servers. If unpatched, an attacker with email credentials can execute commands on your server,” the tweet read.

The vulnerability, found in the Exchange Control Panel (ECP) component, is caused by the Exchange’s inability to create a unique cryptographic key upon installation.

According to Bleeping Computer, the Redmond software giant released a patch for the flaw last month. But multiple organisations, including cybersecurity firm Volexity and the US Department of Defence, have confirmed the exploit is being abused in the wild.

Simon Zuckerbraun, security researcher at Zero Day Initiative, believes that an attacker could exploit the vulnerability to “take over the Exchange server.”

“Having accomplished this, an attacker would be positioned to divulge or falsify corporate email communications at will. Accordingly, if you’re an Exchange Server administrator, you should treat this as a Critical-rated patch and deploy it as soon as your testing is complete,” he advised.



Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


Ads

NATIONAL CYBER SECURITY RADIO

Ads

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW