Security News > 2020 > September > Microsoft Exchange Servers Still Open to Actively Exploited Flaw
Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges - even eight months after Microsoft issued a fix.
The flaw, which stems from the server failing to properly create unique keys at install time, was fixed as part of Microsoft's February Patch Tuesday updates - and admins in March were warned that unpatched servers are being exploited in the wild by unnamed advanced persistent threat actors.
New telemetry found that out of 433,464 internet-facing Exchange servers observed, at least 61 percent of Exchange 2010, 2013, 2016 and 2019 servers are still vulnerable to the flaw.
Previously, in April, Rapid7 researchers found that more than 80 percent of servers were vulnerable; out of 433,464 internet-facing Exchange servers observed, at least 357,629 were open to the flaw.
Researchers used Project Sonar, a scanning tool, to analyze internet-facing Exchange servers and sniff out which were vulnerable to the flaw.
News URL
https://threatpost.com/microsoft-exchange-exploited-flaw/159669/
Related news
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)