• Admins, heads up! Another Patch Tuesday security hole has a public exploit

    Posted on February 25, 2020 at 12:07 CST by Comment in the Forums

    A week ago today, I warned those of you running SQL Server systems to install the latest Patch Tuesday patches. In particular, CVE-2020-0618 was cracked and Proof of Concept code was readily available.

    Now there’s a description on the Zero Day Initiative blog that another Patch Tuesday patch, CVE-2020-0688, is ripe for the picking on systems running Exchange Server.

    If you aren’t in charge of a SQL Server or Exchange Server system, you can return to your normally scheduled programming. But if you’re in the hot seat for either or both, it’s time to take Susan Bradley’s advice and get patched. Like, now.

    UPDATE: This is really bad. From Kevin Beaumont:

    From playing with this last night – this vulnerability rains credentials. You land as SYSTEM. Run Mimikatz. Exchange stores user credentials in memory in plain text, so you end up with every user password, no hashing.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.