Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688. The vulnerability resides in the Exchange Control Panel (ECP) component, the root cause of the problem is that Exchange servers fail to properly create unique keys at install time. Microsoft lists this with an Exploit Index of 1, which means they expect to see exploits within 30 days of the patch release. The experts did not provide details on the threat actors that are exploiting the vulnerability.”]
Source: https://securityaffairs.co/wordpress/99214/hacking/hackers-cve-2020-0688-microsoft-exchange.html