Security News > 2024 > March > 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
![17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns](/static/build/img/news/17000-microsoft-exchange-servers-in-germany-are-vulnerable-to-attack-bsi-warns-medium.jpg)
Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions "Are so outdated that security updates are no longer offered for them," the German Federal Office for Information Security has warned today.
The BSI worries about attackers breaching those servers by exploiting CVE-2024-21410, a critical elevation of privilege bug that allows attackers to learn a targeted user's NTLM credentials and "Relay" them to authenticate themselves to a vulnerable Exchange Server as the user.
This means that at least 17,000 instances of Microsoft Exchange servers in Germany - and likely more of them - are vulnerable to one or more critical vulnerabilities.
How many more vulnerable Microsoft Exchange servers are out there?
The Shadowserver Foundation currently detects over 17,800+ internet-facing Exchange Servers around the world vulnerable to CVE-2024-21410, 73,300+ possibly vulnerable to CVE-2024-21410, and 70,000+ vulnerable to CVE-2024-26198.
BSI said that its CERT has been notifying network operators in Germany via email about IP addresses in their networks where known vulnerable Exchange servers are located.
News URL
https://www.helpnetsecurity.com/2024/03/26/vulnerable-microsoft-exchange-servers/
Related news
- Oracle WebLogic Server OS Command Injection Flaw Under Active Attack (source)
- Microsoft launches cybersecurity program to tackle attacks, protect rural hospitals (source)
- Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended (source)
- Meta, Microsoft SQL Server make strange bedfellows on a couch of cyber-pain (source)
- New Attack Technique Exploits Microsoft Management Console Files (source)
- 'Skeleton Key' attack unlocks the worst of AI, says Microsoft (source)
- Hackers attack HFS servers to drop malware and Monero miners (source)
- June Windows Server updates break Microsoft 365 Defender features (source)
- Microsoft links Scattered Spider hackers to Qilin ransomware attacks (source)
- DeFi exchange dYdX v3 website hacked in DNS hijack attack (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-12 | CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability network low complexity | 8.8 |
2024-02-13 | CVE-2024-21410 | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.8 |