Summary: In second week of February,2020, after MSPT, a static key vulnerability in Microsoft Exchange Control Panel (ECP), a component of Microsoft Exchange Server was observed, that leads to RCE. To perform the exploit, an authenticated user with any privilege level sends a specially crafted request to a vulnerable ECP and gain SYSTEM level arbitrary … Continue reading “Microsoft Exchange Validation Key Remote Code Execution Vulnerability (CVE-2020-0688)”