Multiple government-backed hacking groups are exploiting a recently-patched vulnerability in Microsoft Exchange email servers.
The exploitation attempts were first spotted by UK cyber-security firm Volexity on Friday and confirmed today to ZDNet by a source in the DOD.
Volexity did not share the names of the hacking groups exploiting this Exchange vulnerability. Volexity did not return a request for comment for additional details.
The DOD source described the hacking groups as “all the big players,” also declining to name groups or countries.
The Microsoft Exchange vulnerability
These state-sponsored hacking groups are exploiting a vulnerability in Microsoft Exchange email servers that Microsoft patched last month, in the February 2020 Patch Tuesday.
The vulnerability is tracked under the identifier of CVE-2020-0688. Below is a summary of the vulnerability’s technical details:
- During installation, Microsoft Exchange servers fail to create a unique cryptographic key for the Exchange control panel.
- This means that all