Cybersecurity firm Volexity is warning that a serious security vulnerability in Microsoft Exchange is being actively exploited by bad actors.
The vulnerability in question was addressed as part of Patch Tuesday on February 11, 2020. The cumulative update and service pack “addressed a remote code execution vulnerability found in Microsoft Exchange 2010, 2013, 2016, and 2019. The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro’s Zero Day Initiative. Two weeks after the security updates were released, the Zero Day Initiative published a blog post providing more details on the vulnerability.”
Since the Zero Day Initiative published its post, Volexity has witnessed advanced persistent threat (APT) actors exploiting this vulnerability in the wild. In an interview with Forbes’ Zak Doffman, Volexity said that “all the cases we’ve seen so far have been based out of China—multiple different Chinese-based APTs.”
Volexity concluded by saying that “the latest Microsoft Exchange ECP vulnerability has provided attackers with another opportunity to break into organizations where they may previously have been unsuccessful. Staying current with patches is the best defense for an organization. Fortunately, this vulnerability does require a compromised credential to exploit and, as a result, will stave off widespread automated exploitation such as those that often deploy cryptocurrency miners or ransomware. However, more motivated attackers now have a way to compromise a critical piece of the IT infrastructure if it is not updated. If you have not already, apply these security updates immediately and look for signs of compromise.”
As Volexity highlights, the best defense is to patch Exchange with the latest security updates and keep installations current.