Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Microsoft Exchange Validation Key Remote Code Execution Vulnerability
Image
Published : 27/02/2020
Reference:
Advisory #2020-005
Version:
1.0
Affected software:
Microsoft Exchange
Type:
Remote Code Execution (RCE)
CVE/CVSS:
- CVE-2020-0688 - 8.8
Sources
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
https://www.zerodayinitiative.com/advisories/ZDI-20-258/
Risks
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability.
Description
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
The specific flaw exists within the Exchange Control Panel web application. The product fails to generate a unique cryptographic key at installation which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Recommended Actions
Microsoft released patches for the different versions of Microsoft Exchange affected by this vulnerability. CERT.be recommends installing these patches as soon as possible after proper testing. The patches are available here.