Microsoft Exchange Control Panel (ECP) Vulnerability CVE-2020-0688 Exploited
ID: a8fcacf6-2658-5b36-8a06-47ac3a012fd8
STIX ID: report--a8fcacf6-2658-5b36-8a06-47ac3a012fd8
Feed Name: Volexity Blog
Volexity outlines active exploitation of CVE-2020-0688 — a Microsoft Exchange ECP/ViewState RCE — observed being abused by APT actors to run commands, deploy webshells, and execute in-memory post-exploitation tools; the report provides detection guidance (ECP ServerException logs, Application Event Log Event ID 4, IIS logs, likely webshell locations), notes credential brute-force activity against Exchange Web Services, and recommends immediate patching, restricting ECP access, and credential hygiene.
