61% Microsoft Exchange Servers Are Unpatched, Vulnerable to Attack

HealthITSecurity.com

Jessica Davis

The majority of Microsoft Exchange Servers have yet to be updated with a patch for a critical memory corruption vulnerability reported earlier this year, according to Rapid7. These unpatched servers are highly vulnerable to attack.

About eight months ago, Microsoft released a software update for CVE-2020-0688: a vulnerability found in the Exchange mail and calendaring control panel that fails to properly create unique keys during installation. With knowledge of the validation key, an authenticated user with a mailbox can employ “arbitrary objects to be deserialized by the web application, which runs as SYSTEM.”

At the time, the tech giant, the National Security Agency, and the...

Get the Morning Update

Thanks for subscribing!