Initiativen für
Als nationale Behörde für Cybersicherheit hat das ZCB mehrere Initiativen für bestimmte Zielgruppen entwickelt, die hier vorgestellt werden.
Microsoft Exchange Validation Key Remote Code Execution Vulnerability
Image
Veröffentlicht : 27/02/2020
Reference:
Advisory #2020-005
Version:
1.0
Affected software:
Microsoft Exchange
Type:
Remote Code Execution (RCE)
CVE/CVSS:
- CVE-2020-0688 - 8.8
Sources
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
https://www.zerodayinitiative.com/advisories/ZDI-20-258/
Risks
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability.
Description
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
The specific flaw exists within the Exchange Control Panel web application. The product fails to generate a unique cryptographic key at installation which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Recommended Actions
Microsoft released patches for the different versions of Microsoft Exchange affected by this vulnerability. CERT.be recommends installing these patches as soon as possible after proper testing. The patches are available here.