It was recently reported that government-backed groups are exploiting CVE-2020-0688 to take over Exchange email servers. The exploitation attempts were first spotted by UK cyber-security firm Volexity on Friday and confirmed today to ZDNet by a source in the DOD.
After social engineering, taking advantage of unpatched public-facing systems is one of the major root causes through which attackers get into organisations. It’s not uncommon for organised criminals and nation-state actors to keep an eye on newly released patches and take advantage of the vulnerabilities before organisations have a chance to fix them. In the first instance organisations should look to apply patches, but this isn’t always practical or feasible, so in the interim, they should consider alternative compensating controls including additional monitoring and threat detection.