Michael Bianchi
Senior Solutions Architect
Microsoft recently disclosed a vulnerability that impacts all versions of Exchange. The vulnerability involves a key that is generated when Exchange is installed. The key is not unique to each installation, and an authenticated user can use it to execute code remotely. NOTE: an attacker must first authenticate before the vulnerability can be exploited.
The vulnerability requires an authenticated user to have access to the Exchange Control Panel (ECP) web console. If this URL is not externally accessible, or if multi-factor authentication is in place, the risk of exploitation is significantly reduced.
Microsoft has released patches for all Exchange versions, which can be found here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
Be sure to snapshot servers before patching, or apply the patch in a lab environment before rolling it out to production servers. If you would like additional assistance or consulting from the Helient professionals, please contact service@helient.com.