fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Over 247K Exchange Servers Unpatched For Actively Exploited Flaw

Over 247K Exchange Servers Unpatched For Actively Exploited Flaw

More than 247,000 Microsoft Exchange servers are yet to be patched against the CVE-2020-0688 post-auth remote code execution (RCE) vulnerability impacting all Exchange Server versions under support.

The CVE-2020-0688 RCE flaw exists in the Exchange Control Panel (ECP) component — enabled in default configurations — and it enables potential attackers to remotely take over vulnerable Exchange servers using any valid email credentials.

Microsoft addressed the security issue as part of the February 2020 Patch Tuesday and tagged it with an ‘Exploitation More Likely’ exploitability index assessment, suggesting that the vulnerability is an attractive target for attackers.

Cyber-security firm Rapid7, added an MS Exchange RCE module to the Metasploit penetration testing framework it develops on March 4, after several proof-of-concept exploits surfaced on GitHub.

One week later, both CISA and the NSA urged organizations to patch their servers against the CVE-2020-0688 flaw as soon as possible given that multiple APT groups were already actively exploiting it in the wild.

Over 61% of servers vulnerable to exploitation not patched

In an update to a previous report on the number of exposed Exchange servers vulnerable to attacks attempting to exploit the CVE-2020-0688 vulnerability, Rapid7 once again made use of its Project Sonar internet-wide survey tool for another headcount.

And the numbers are almost as grim as they were before, with 61.10% (247,986 out of a total of 405,873) of vulnerable servers (i.e., Exchange 2010, 2013, 2016, and 2019) still being left unpatched and exposed to ongoing attacks.

The company’s researchers found that 87% of almost 138,000 Exchange 2016 servers and 77% of around 25,000 Exchange 2019 servers were left exposed to CVE-2020-0688 exploits, and that roughly 54,000 Exchange 2010 servers “have not been updated in six years.”

Rapid7 also discovered 16,577 Exchange 2007 servers reachable over the Internet, an unsupported Exchange version that did not receive security updates to protect against CVE-2020-0688 attacks.

Exchange servers unpatched against CVE-2020-0688
Part of Rapid7’s CVE-2020-0688 scan (Rapid7)

Also Read: Free 8 Steps Checklist for Companies to Prevent Data Breach

Patching Exchange servers against CVE-2020-0688

“There are two important efforts that Exchange Administrators and infosec teams need to undertake: verifying deployment of the update and checking for signs of compromise,” Rapid7 Labs senior manager Tom Sellers explains.

Compromised accounts used in attacks against Exchange servers can easily be discovered by checking Windows Event and IIS logs for parts of encoded payloads including the “Invalid viewstate” text or the __VIEWSTATE and __VIEWSTATEGENERATOR strings for requests to a path under /ecp (usually /ecp/default.aspx).

As Microsoft said that there are no mitigation measures for the CVE-2020-0688 vulnerability, the only choice left is to patch servers before attackers find them and fully compromise the entire network they’re on — unless admins have the time and are willing to reset all accounts’ passwords to render previously stolen credentials worthless.

Direct download links to security updates you need to install to patch vulnerable Microsoft Exchange Server versions and the related KB articles are listed in the table below:

ProductArticleDownload
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 304536989Security Update
Microsoft Exchange Server 2013 Cumulative Update 234536988Security Update
Microsoft Exchange Server 2016 Cumulative Update 144536987Security Update
Microsoft Exchange Server 2016 Cumulative Update 154536987Security Update
Microsoft Exchange Server 2019 Cumulative Update 34536987Security Update
Microsoft Exchange Server 2019 Cumulative Update 44536987Security Update

Also Read: The Impact of GDPR and PDPA in Singapore

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us