The Microsoft Exchange hacks: How they started and where we are
2021-03-16 07:29

The emergency patches for the recently disclosed critical vulnerabilities in the Microsoft Exchange email server did not come soon enough, and organizations had little time to prepare before mass exploitation began.

With patches released and proof-of-concept exploit code surfacing online, thousands of Microsoft Exchange servers worldwide remain vulnerable and the number of attacks is still at a worrying level.

On March 2, Microsoft released updates for Exchange Server and warned of "Multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks."

Once official patches came out, even for unsupported versions, vulnerable Microsoft Exchange servers directly exposed on the internet became an even hotter target as threat actors could reverse engineer the updates to build an exploit.

Security professionals at Shadowserver yesterday saw more than 8,000 IP addresses showing signs of DLTMiner activity, most of them in China and the U.S. Ransomware also jumped in and started to compromise Microsoft Exchange servers using the ProxyLogon vulnerabilities.

Victor Gevers, the chair of the Dutch Institute for Vulnerability Disclosure, told BleepingComputer on Friday that there were about 64,000 vulnerable Microsoft Exchange servers around the world.


News URL

https://www.bleepingcomputer.com/news/security/the-microsoft-exchange-hacks-how-they-started-and-where-we-are/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 706 781 4550 4600 3628 13559