HealthcareCISO

The majority of Microsoft Exchange Servers have yet to be updated with a patch for a critical memory corruption vulnerability reported earlier this year, according to Rapid7. These unpatched servers are highly vulnerable to attack.

About eight months ago, Microsoft released a software update for CVE-2020-0688: a vulnerability found in the Exchange mail and calendaring control panel that fails to properly create unique keys during installation. With knowledge of the validation key, an authenticated user with a mailbox can employ “arbitrary objects to be deserialized by the web application, which runs as SYSTEM.”

At the time, the tech giant, the National Security Agency, and the...