Security News > 2020 > April > Serious Exchange Flaw Still Plagues 350K Servers
Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability - nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it.
Researchers recently used Project Sonar, a scanning tool, to analyze internet-facing Exchange servers and sniff out which were vulnerable to the flaw.
The patch management issues with Exchange servers extend beyond CVE-2020-0688.
Sellers said his investigation revealed that over 31,000 Exchange 2010 servers have not been updated since 2012.
"The update for CVE-2020-0688 needs to be installed on any server with the Exchange Control Panel enabled. This will typically be servers with the Client Access Server role, which is where your users would access Outlook Web App.".
News URL
https://threatpost.com/serious-exchange-flaw-still-plagues-350k-servers/154548/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |