Hackers based out of China have been working exploit a vulnerability within the Microsoft Exchange email servers. This vulnerability, which Microsoft though they fixed, was thought to be patched back in February. The issue? A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.
Microsoft is now planning to implement multi-factor authentication for protecting enterprise systems, and to safeguard the user credentials. The problem is that despite deploying multi-factor authentication, it is still possible to compromise the system using any basic credentials. This means, even if the vulnerability has been fixed, the server isn’t yet secure unless you have patched it.
Check out the article at:
Hackers are exploiting critical vulnerability in Microsoft Exchange server
LIS 4022 Spring 2020 