Security News > 2023 > December > Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws.
Internet scans from The ShadowServer Foundation show that there are close to 20,000 Microsoft Exchange servers currently reachable over the public internet that have reached the end-of-life stage.
ShadowServer's statistics may not show the complete picture as Macnica security researcher Yutaka Sejiyama discovered a little over 30,000 Microsoft Exchange servers that reached end of support.
Some of the machines running older versions of the Exchange mail server are vulnerable to ProxyLogon, a critical security issue tracked as CVE-2021-26855, that can be chained with a less severe bug identified as CVE-2021-27065 to achieve remote code execution.
Even if companies still running outdated Exchange servers have implemented available mitigations, the measure is not sufficient as Microsoft recommends prioritizing the installation of updates on the servers that are externally facing.
New Microsoft Exchange zero-days allow RCE, data theft attacks.
News URL
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 |
| 2021-03-03 | CVE-2021-27065 | Path Traversal vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 7.8 |