Security News > 2020 > April > Actively exploited MS Exchange flaw present on 80% of exposed servers

Actively exploited MS Exchange flaw present on 80% of exposed servers
2020-04-08 09:47

Attackers looking to exploit CVE-2020-0688, a critical Microsoft Exchange flaw patched by Microsoft in February 2020, don't have to look hard to find a server they can attack: according to an internet-wide scan performed by Rapid7 researchers, there are at least 315,000 and possibly as many as 350,000 vulnerable on-premise Exchange servers out there.

Over 31,000 Exchange 2010 servers have not been updated since 2012.

Nearly 800 Exchange 2010 servers have never been updated.

There are 10,731 Exchange 2007 servers and over 166,000 Exchange 2010 servers.

Still, the fact that there is such a huge number of outdated and unpatched MS Exchange mail servers out there doesn't bode well.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/EdneMH7qrVE/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2020-0688 Improper Authentication vulnerability in Microsoft Exchange Server
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
network
low complexity
microsoft CWE-287
8.8
8.8