CVE-2020-0688: Microsoft Exchange Server Static Key Flaw Could Lead to Remote Code Execution

March 5, 2020

Attackers are probing for vulnerable Microsoft Exchange Servers, as details surrounding a severe flaw were recently made public. 

On February 11, Microsoft released a patch for a severe vulnerability in Microsoft Exchange Server as part of its monthly Patch Tuesday updates. Initially, Microsoft labeled this a memory corruption vulnerability in Microsoft Exchange. However, Microsoft has since updated the title and description for the flaw.

Vulnerability analysis: CVE-2020-0688 is a static key vulnerability in Microsoft Exchange Control Panel (ECP), a component of the Microsoft Exchange Server. The use of static keys could allow an authenticated attacker with any privilege level to send a specially crafted request to a vulnerable ECP and gain SYSTEM level arbitrary code execution. Microsoft rates this flaw as important but notes that exploitation is more likely, according to its exploitability index.

Researchers have warned that attackers are probing for Microsoft Exchange Servers vulnerable to CVE-2020-0688 and found that many organizations are behind in patching Exchange Servers, leaving them open to attack. Full details of the vulnerability are in the blog post.


Coronavirus Threat: Array Networks Offers Complimentary Work from Home Solutions to Enterprises

March 5, 2020

  • MNCs are instituting work from home policy amid Coronavirus threats
  • Array Networks ensures security of business by letting teams work remotely from home

BENGALURU, India – March 5, 2020 – Array Networks Inc. today announced its full-fledged support towards enabling corporate workforce to work from home (WFH) amid the coronavirus threats by offering complimentary Virtual Secure Access Gateway (vxAG) and Direct Desktop Business Continuity Planning license for 30 days to all enterprises who securely wish to plan work from home for their employees.

With stock markets reeling and growth forecasts slashed, companies have been scaling up efforts to keep workers virus-free. The move comes amid industry-wide concerns on how badly the coronavirus might affect the financial industry. In offices across Asia, enterprises have asked their employees to WFH as a precaution against deadly coronavirus. Google HQ in Dublin urges employees to WFH. Twitter is urging its 5,000 global staff to WFH and has made Hong Kong, Japan, and South Korea, mandatory WFH. Other companies have decided to do the same indefinitely; emulating a trend that started in Asia after coronavirus erupted in China in December. The goal is to lower the probability of spreading Covid-19 coronavirus.

We are cognizant of the fact that the virus is becoming a more immediate threat to all types of businesses exploding remote work across Asian countries. While we hope that the disruption would be minimal, we know there would be some difficulty in people continuing their roles efficiently without compromising security at the same time,” said Shibu Paul, Vice PresidentInternational Sales at Array Networks.

Array’s vxAG virtual secure access gateways extend remote and mobile access capabilities to virtualized data centers and public/private clouds. DesktopDirect ensures operational readiness and ensure our ability to perform at full capacity in case of an extended period and also allows non-mobile workers to immediately get to work during disruptive events, without forcing compromises on IT or the corporation as a whole“, he further added.

Array’s vxAG virtual secure access gateways enable secure access to business applications for remote and mobile workers and dynamic, flexible and elastic provisioning of secure access services. From a single platform, secure access can be enabled for multiple communities of interest including employees, partners, guests, and customers. The vxAG supports multiple authentication methods to provide an additional layer of defense against unauthorized access and misuse of data and applications. Array’s DesktopDirect’s security capabilities protect data, users, and corporate resources, ensuring that providing Business Continuity Plan for the entire organization will not cause any new security risks.

To learn more please reach email Sales-India@arraynetworks.net

About Array Networks

Array Networks solves performance and complexity challenges for businesses moving toward virtualized networking, security and application delivery. Headquartered in Silicon Valley, Array addresses the growing market demand for Network Functions Virtualization (NFV), cloud computing, and software-centric networking. Proven at more than 5,000 worldwide customer deployments, Array is recognized by leading analysts, enterprises, service providers and partners for pioneering next-generation technology that delivers agility at scale. Visit www.arraynetworks.com to know about Network Functions Virtualization (NFV), cloud computing, and software-centric networking.


%d bloggers like this: