Introduction On February 11th, Microsoft released a patch for Microsoft Exchange Server (all versions), addressing a serious vulnerability allowing any authenticated user to execute arbitrary commands with SYSTEM privileges. The vulnerability was given CVE number CVE-2020-0688. This is possible because all Exchange servers use the same static key to encrypt/decrypt ViewState. Attackers can specify arbitrary […]