61% Microsoft Exchange Servers Are Unpatched, Vulnerable to Attack
The majority of Microsoft Exchange Servers have yet to be updated with a patch for a critical memory corruption vulnerability reported earlier this year, according to Rapid7. These unpatched servers are highly vulnerable to attack.
About eight months ago, Microsoft released a software update for CVE-2020-0688: a vulnerability found in the Exchange mail and calendaring control panel that fails to properly create unique keys during installation. With knowledge of the validation key, an authenticated user with a mailbox can employ “arbitrary objects to be deserialized by the web application, which runs as SYSTEM.”
At the time, the tech giant, the National Security Agency, and the...