On February 11th of this year, Microsoft released a patch that addressed a vulnerability in Microsoft Exchange Server. The flaw, in which the server could fail to properly create unique validation keys, allows an authenticated user to execute code remotely with SYSTEM privileges. Bad actors are now targeting Microsoft Exchange Servers where the patch has not been applied.
If exploited, this vulnerability could give someone the access needed to fully compromise your Exchange server. This means an outsider would be able to divulge or falsify corporate email communication.
Because the flaw requires an authenticated user, one way bad actors might find their way into your organization is to identify the email server URL, identify an employee’s email address and programmatically attempt to log in with passwords until they find the right one. Easy ways to identify this information from the outside include searching for employees on LinkedIn or searching the company’s website for contact email addresses. _(Note: To help minimize risk, Southwest Cyber Systems recommends updating company websites to remove any employee email addresses.)_
While Microsoft labeled the patch (CVE-2020-0688) as “Important”, the uptick in active scanning across the Internet for this vulnerability means that applying the patch should be treated as “Critical”.
Bottom line, the bad guys are watching these patch releases and they are acting on them. You should be applying updates and security patches as part of your regular maintenance. Any critical patches should be considered a high priority in your organization and applied immediately.