Hackers have begun to exploit the vulnerability that caused the same encryption key to be used on all servers that use Microsoft Exchange.
According to researchers at British security company Volexity, a group of government-backed hackers have begun to exploit a vulnerability found in older versions of Microsoft Exchange.
The vulnerability, which goes under the designation CVE-2020-0688, was blocked by Microsoft a month ago. In short, this is a bug that allows the same encryption key to be used on all servers that use Microsoft Exchange, which allows hackers to relatively easily gain control of the systems and run malicious code if desired.
According to experts that Zdnet has been in contact with, it is probably only a matter of time before the bug will be used by other hackers, for example to spread hostage programs and other scams.
As usual, the best solution to protect yourself is to install the latest security fixes as quickly as possible.
