Unpatched Microsoft Exchange Servers Vulnerable to CVE-2020-0688

Original release date: March 10, 2020

Microsoft Exchange Servers affected by a remote code execution vulnerability, known as CVE-2020-0688, continue to be an attractive target for malicious cyber actors. A remote attacker can exploit this vulnerability to take control of an affected system that is unpatched.

Although Microsoft disclosed the vulnerability and provided software patches for the various affected products in February 2020, advanced persistent threat actors are targeting unpatched servers, according to recent open-source reports. The Cybersecurity and Infrastructure Security Agency (CISA) urges users and administrators review Microsoft’s Advisory and the National Security Agency’s tweet on CVE-2020-0688 for more information and apply the necessary patches as soon as possible.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases March 2020 Security Updates

Original release date: March 10, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s March 2020 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Intel Releases Security Updates

Original release date: March 10, 2020

Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: March 10, 2020

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 74 and Firefox ESR 68.6 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.