06.04.2020

80 % of Exchange servers vulnerable to attack

The Rapid7 research team has found that more than 350,000 Exchange Servers lack a critical patch that could allow a remote attacker to turn any stolen Exchange user account into a complete system compromise. Rapid7 urges Exchange Administrators and infosec teams to verify deployment of the update and check for signs of compromise.

The vulnerability was first reported by Trend Micro’s Zero Day Initiative in early 2020. Microsoft already released security updates in February to address the remote-code-execution vulnerability (CVE-2020-0688). However, the vast majority of these servers remain unpatched, according to findings from the Rapid7 Sonar Project.

Adding to this, Rapid7 discovered that the CVE-2020-0688 update (Rollup 30) for Exchange 2010 does not update any visible build information to match the version documented in the software update. Rapid7 advises organizations that are using Exchange and are in doubt whether it has been correctly updated to take action immediately.

Full report and recommendations here