caution wrapped around head image

Urging resellers to PATCH client servers ASAP!

Published by : Mitol on 01 March 2020

Cybersecurity experts have issued a warning that attackers are probing to exploit vulnerable Microsoft Exchange Servers and by doing so this could very well become a vector for ransomware groups in coming months. 

We are urging all our Mitol resellers to PATCH ASAP any supported version of 2010, 2013, 2016 and 2019 for businesses and organisations running on on-premises Microsoft Exchange Servers. Microsoft Exchange Validation Key Remote Code Execution Vulnerability  CVE-2020-0688 Exploitation as classified by Microsoft. To give you an overview of the vulnerability, the CVE-2020-0688 vulnerability affects the ECP (Exchange Control Panel) component, consequently affecting all installations of Exchange Server because, until the most recent patch, all exchange servers had the same validation key and algorithm by default.

You can watch Trend Micro ‘sand Zero Day Initiative’s video demonstrating the CVE-2020-0688 remote code execution bug in Microsoft Exchange here 

ZDI security researcher Simon Zuckerbraun reiterated that the flaw should be rated as critical in The February 2020 Security Update Review.

It’s important to be aware that attackers probing for vulnerable servers have already begun if you as a reseller have not conducted security patches in the month of February be sure to take a break from your regularly scheduled activities and start patching immediately making sure that you back up your database first using our backup solution. Call us today for further information and assistance on 01904 737 528