CVE-2020-0688: Microsoft Exchange Validation Key Remote Code Execution Vulnerability

Overview

Severity: N/A
Category: Remote Code Execution
Exploit Status: Not Exploited
Exploitation Likelihood: More Likely
Patch Tuesday: 2020-Feb
Released: 2020-02-11
Last Updated: 2020-02-11
EPSS Score: 94.40% (percentile: 100.0%)
CISA KEV: Listed, due 2022-05-03

Description

A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. The security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.

Known Exploits (15)

  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2025-08-04T15:31:41Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2024-05-09T12:50:48Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2023-08-02T06:25:06Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2022-10-19T10:36:10Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2022-05-12T03:17:35Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2022-01-11T23:35:51+08:00
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2021-01-04T10:48:40Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2020-10-23T01:18:13Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2020-10-10T09:46:24Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2020-10-09T13:12:20+08:00
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2020-08-17T12:41:51Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2020-06-12T08:28:35Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2020-03-07T16:13:30+08:00
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2020-02-27T13:53:46Z
  • Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability — added 2020-02-27T02:54:27Z

Detection & Weaponization (4 sources)

Maturity: Detection

  • Metasploit modules: Exchange Control Panel ViewState Deserialization
  • Sigma rules: CVE-2020-0688 Exploitation Attempt, CVE-2020-0688 Exchange Exploitation via Web Log, CVE-2020-0688 Exploitation via Eventlog
  • YARA rules: vul_cve_2020_0688.yar, SIGNATURE_BASE_VUL_Exchange_CVE_2020_0688
  • GitHub PoC: 26 repositories

Affected Products (6)

Exchange Server

  • Microsoft Exchange Server 2013 Cumulative Update 23
  • Microsoft Exchange Server 2019 Cumulative Update 3
  • Microsoft Exchange Server 2016 Cumulative Update 14
  • Microsoft Exchange Server 2016 Cumulative Update 15
  • Microsoft Exchange Server 2019 Cumulative Update 4
  • Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30

Security Updates (6)

Acknowledgments

Anonymous working with Trend Micro's Zero Day Initiative (https://www.zerodayinitiative.com/)

Revision History

  • 2020-02-11: Information published.
  • 2020-02-11: Corrected the CVE description and title. This is an informational change only.