In Microsoft Exchange servers, researchers report that various vulnerabilities are being deliberately exploited. The vulnerability allows authenticated attackers to remotely execute code with system privileges, when left unpatched.
In the control panel for Exchange, Microsoft mail server, and calendar server the bug (CVE-2020-0688) in question exists, and has been patched in the February Patch updates to Microsoft. In a Friday advisory, however, researchers said unbundled servers are exploited extensively by anonymous APT actors.
We have seen that many Chinese APT members exploit or try to exploit this bug, "said Steve Adair, founder and chairman of Volexity. I suspect, however, that this vulnerability is now owned by operators around the world, and some businesses that have not patched or patched quickly enough will unfortunately pay the price.
Since Microsoft fixed the bug in February, researchers provided more data on the flaw with the Zero Day Initiative (ZDI), which revealed first the vulnerability. And on March 4, Rapid7 launched an attack module in the Metasploit penetration test case.
More Details :- https://www.hackers-review.tech/2020/03/several-apt-organizations-are-secretly.html
