What role does the machineKey play in exploiting deserialization for virtual file deployment in Exchange?
The `machineKey` in ASP.NET is used to validate and encrypt `ViewState` data. By gaining write access to Exchange's `web.config` files, an attacker can replace the legitimate `machineKey` with a known value. This allows them to forge a malicious `ViewState` payload that, when deserialized on the server, executes arbitrary code—such as registering a virtual file provider to deploy a webshell. Without the correct `machineKey`, the `ViewState` would be rejected during validation, so compromising the key is a critical step in the attack chain.
machineKey, ViewState, deserialization, validationKey, Exchange, web.config