On 13.02.2020, Microsoft published updates for all Exchange Server versions to fix the vulnerability CVE-2020-0688. If you have not already done so, you should install the update as soon as possible, because it is now publicly known how the vulnerability can be exploited. Although an attacker must first authenticate to the Exchange server, it is then possible to take control of it. Because Exchange servers hold very extensive permissions in Active Directory, it is quite conceivable that the vulnerability could also be used to take over other parts of the network.
The following page describes what exactly the problem is and how the vulnerability can be exploited:
The following video (also from the page linked above) shows the exploitation of the vulnerability:
Incidentally, most WAFs are also powerless in this case, because exploitation of the vulnerability is not recognized as an attack, at least not by the Sophos UTM WAF and the Kemp WAF.
Incidentally, the vulnerability is in the Exchange Admin Center (/ecp). If the Exchange Admin Center is not accessible from the Internet, this vulnerability cannot be exploited from the Internet. Access to the Exchange Admin Center can be controlled on Exchange 2019 servers using "Client Access Rules":
https://www.frankysweb.de/exchange-2019-client-access-rules/
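A sketch of such a rule set for the Exchange Management Shell on Exchange 2019, as an added example that is not taken from the linked article. The admin network range, the user and the test address are constructed placeholder values.

```powershell
# Added example for Exchange 2019 (Exchange Management Shell).
# Assumption: 192.168.10.0/24 is the internal admin network (placeholder value).
$adminRange = '192.168.10.0/24'

# Create this rule first: it keeps remote PowerShell reachable, so a mistake
# in a later rule cannot lock administrators out of rule management.
New-ClientAccessRule -Name 'Always Allow Remote PowerShell' `
    -Action AllowAccess -AnyOfProtocols RemotePowerShell -Priority 1

# Deny the Exchange Admin Center to every client outside the admin range.
New-ClientAccessRule -Name 'Block EAC outside admin network' `
    -Action DenyAccess -AnyOfProtocols ExchangeAdminCenter `
    -ExceptAnyOfClientIPAddressesOrRanges $adminRange -Priority 2

# Review the resulting rule order.
Get-ClientAccessRule | Sort-Object Priority |
    Format-Table Name, Priority, Action, Enabled

# Check which rule would apply to a connection from outside the admin range.
# 'admin@example.com' and 203.0.113.25 are constructed sample values.
Test-ClientAccessRule -User 'admin@example.com' `
    -AuthenticationType BasicAuthentication `
    -Protocol ExchangeAdminCenter -RemoteAddress 203.0.113.25 -RemotePort 443
```

The rule only narrows who can reach the Exchange Admin Center; installing the update is still required.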
This works slightly differently for Exchange 2016:
You can also disable external access to the Exchange ECP via the UTM, using Access Control in the WAF.
3 machines patched. All good.
The download page for de-de is not available.
How long has it been like that?