Security News > 2021 > March > Over 80,000 Exchange Servers Still Affected by Actively Exploited Vulnerabilities
Roughly 80,000 Exchange servers have yet to receive patches for the actively exploited vulnerabilities, Microsoft says.
Over the course of last week, Microsoft released additional fixes for these vulnerabilities, including security updates for older and unsupported Exchange Server versions, or Cumulative Updates, as the company calls them.
Microsoft revealed that, as of March 12, more than 82,000 Exchange servers were still left to be updated.
Last week, ESET reported that more than 10 threat actors were observed targeting vulnerable Exchange servers.
"Ongoing research illustrates that these vulnerabilities are being used by multiple threat groups. While it is not new for highly skilled attackers to leverage new vulnerabilities across varying product ecosystems, the ways in which these attacks are conducted to bypass authentication - thereby providing unauthorized access to emails and enabling remote code execution - is particularly nefarious," Palo Alto Networks noted.
Microsoft published additional information on how organizations can protect their on-premises Exchange servers against exploitation, reiterating that applying the available patches represents the first step, followed by identifying possibly compromised systems and removing them from the network.