Microsoft Again Urges Exchange Server Patch, as Attacks Resurge
DHS first alerted to an increase in attacks on a critical Microsoft Exchange server vulnerability in March. The tech giant issued a repeat warning, as researchers have detected a resurgence in attacks.
Microsoft is once again urging organizations to apply a patch to a critical vulnerability found in some Exchange Servers. The Department of Homeland Security first alerted to a surge in attacks on the CVE-202-0688 flaw by advanced persistent threat actors in March.
The flaw is found the Exchange mail and calendaring server control panel, which fails to properly create unique keys during its install. If an attacker has knowledge of the validation key, an authenticated user with a mailbox can pass “arbitrary objects to be deserialized by the web application, which runs as SYSTEM.”
The vulnerability is...