Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Wednesday 26 February 2020

Microsoft Exchange Server - Remote Code Execution Vulnerability (CERT-EU Security Advisory 2020-010)

Microsoft released a fix for a remote code execution vulnerability in Microsoft Exchange (CVE-2020-0688). The vulnerability exists because Exchange fails to create unique cryptographic keys at installation time, leading to all Exchange servers using the same "validationKey" and "decryptionKey" values. Knowledge of the validation key allows an authenticated user with a mailbox on the server to pass arbitrary objects to be deserialized by the web application. The web application runs as "SYSTEM", leading to remote code execution with the highest privileges. On February 25th 2020, Zero Day Initiative released a blog post detailing how to exploit the vulnerability. Any user with an account on an Exchange server can easily exploit the remote code execution vulnerability. Some researchers point out that scanning for vulnerable Exchange servers is ongoing.
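A defender-side check for the condition described above, as an added example that is not part of the advisory: it parses ASP.NET web.config content, fingerprints any static "validationKey" and "decryptionKey" values on the <machineKey> element, and reports hosts that share one. The host names and key strings are constructed placeholders, and how the configuration files are collected from each server is left as an assumption.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

KEY_ATTRS = ("validationKey", "decryptionKey")

def _cfg(attrs):
    """Build a minimal web.config document around one <machineKey> element."""
    return f"<configuration><system.web><machineKey {attrs}/></system.web></configuration>"

# Constructed sample input: host names and key strings are placeholders, not real values.
SAMPLE_CONFIGS = {
    "mail01": _cfg('validationKey="PLACEHOLDER-VKEY-A" decryptionKey="PLACEHOLDER-DKEY-A"'),
    "mail02": _cfg('validationKey="placeholder-vkey-a" decryptionKey="PLACEHOLDER-DKEY-A"'),
    "mail03": _cfg('validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps"'),
    "mail04": _cfg('validationKey="PLACEHOLDER-VKEY-B" decryptionKey="PLACEHOLDER-DKEY-B"'),
}

def key_fingerprints(config_xml):
    """Return {attribute: short SHA-256 fingerprint, or None if no static key is set}."""
    node = ET.fromstring(config_xml).find(".//machineKey")
    result = {}
    for attr in KEY_ATTRS:
        value = node.get(attr) if node is not None else None
        # A missing attribute or "AutoGenerate" means ASP.NET derives a per-machine key.
        if value is None or value.split(",")[0].strip().lower() == "autogenerate":
            result[attr] = None
        else:
            # Hash the case-normalised key so reports never contain the key itself.
            normalised = value.strip().upper().encode()
            result[attr] = hashlib.sha256(normalised).hexdigest()[:16]
    return result

def find_shared_keys(configs):
    """Return {(attribute, fingerprint): hosts} for static keys present on 2+ hosts."""
    seen = defaultdict(list)
    for host, xml_text in configs.items():
        for attr, fingerprint in key_fingerprints(xml_text).items():
            if fingerprint:
                seen[(attr, fingerprint)].append(host)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (attr, fingerprint), hosts in find_shared_keys(SAMPLE_CONFIGS).items():
        print(f"{attr} {fingerprint} shared by: {', '.join(hosts)}")
```
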

