
Exchange Server: Install updates now

On 13.02.2020, Microsoft published updates for all Exchange Server versions for the vulnerability CVE-2020-0688. If you have not already done so, you should install the update as soon as possible, as it is now known how the vulnerability can be exploited. Although an attacker must first authenticate to the Exchange Server, it is then possible to take control of the Exchange Server. As Exchange servers have very extensive permissions in Active Directory, it is quite conceivable that the vulnerability could also be used to take over other parts of the network.

The following page describes what exactly the problem is and how the vulnerability can be exploited:

The following video (also from the page linked above) shows the exploitation of the vulnerability:

Incidentally, most WAFs are also powerless in this case, because exploitation of the vulnerability is not recognized as an attack, at least by the Sophos UTM WAF and the Kemp WAF.

The vulnerability is located in the Exchange Admin Center (/ecp). If the Exchange Admin Center is not reachable from the Internet, the vulnerability at least cannot be exploited from the Internet. On Exchange 2019 servers, access to the Exchange Admin Center can be controlled using "Client Access Rules":

https://www.frankysweb.de/exchange-2019-client-access-rules/
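
A sketch of such a Client Access Rule setup for Exchange 2019, added here as an example and not taken from the linked article. The rule names, the internal address ranges, the test user and the external test address are constructed placeholders.

```powershell
# Run in the Exchange Management Shell on an Exchange 2019 server.
# Rule names, address ranges and the test user are constructed examples;
# replace them with the values of your own environment.

# 1. Keep remote PowerShell reachable first, so that a mistake in a later
#    rule cannot lock you out of administering the rules themselves.
New-ClientAccessRule -Name "Always Allow Remote PowerShell" `
    -Action AllowAccess `
    -AnyOfProtocols RemotePowerShell `
    -Priority 1

# 2. Deny the Exchange Admin Center (/ecp) to every client whose address
#    is not inside the internal ranges listed as exceptions.
New-ClientAccessRule -Name "Block EAC from external networks" `
    -Action DenyAccess `
    -AnyOfProtocols ExchangeAdminCenter `
    -ExceptAnyOfClientIPAddressesOrRanges 192.168.0.0/16, 10.0.0.0/8 `
    -Priority 2

# 3. Review the resulting rule set in evaluation order.
Get-ClientAccessRule |
    Sort-Object Priority |
    Format-Table Name, Priority, Action, Enabled -AutoSize

# 4. Check which rule would apply to an EAC connection coming from an
#    external address (203.0.113.10 is a documentation address).
Test-ClientAccessRule -User "admin@example.com" `
    -AuthenticationType BasicAuthentication `
    -Protocol ExchangeAdminCenter `
    -RemoteAddress 203.0.113.10 `
    -RemotePort 443
```

The rules match on the client address that Exchange sees, so if a reverse proxy or load balancer in front of the server rewrites the source address, verify which address actually arrives before relying on the exception list.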

This works slightly differently for Exchange 2016:

https://www.frankysweb.de/exchange-2016-eac-nur-im-internen-netzwerk-freigeben/