Many Exchange servers still not patched

Many Microsoft Exchange Servers around the world are still likely to be unpatched. Since Exchange Servers are coupled to the Internet, attackers can exploit existing vulnerabilities to compromise Exchange Servers.

Many Exchange servers still not patched
Image: depositphotos

At the end of December 2022, security researchers from the Shadowserver Foundation scanned the Internet and came up with a Message on Twitter According to the report, a total of around 70,000 vulnerable Microsoft Exchange servers have been found. The figures show that just under 30,000 servers in Europe are affected. Admins should therefore ensure that the latest security updates are installed.

Otherwise, there is still a risk that some major vulnerabilities will continue to be exploited. In case of successful attacks, attackers can usually exploit the malicious code and cause a complete compromise of systems. At the end of September 2022, Microsoft also failed to release an important security update in a reasonable amount of time.

Security patches should be applied quickly

The National Cyber Security Center (NCSC) was also last aware (as of November 2022) of more than 2800 vulnerable Exchange servers in Switzerland that had a vulnerability called ProxyNotShell. Attackers could exploit the vulnerability to execute code remotely ("Remote Code Execution Vulnerability" - RCE).

NCSC Recommendations:

Admins of Exchange servers should make sure to apply all the latest patches from Microsoft Exchange:

  • Make sure that you have installed a current Cumulative Update (CU) with all appropriate security updates;
  • Check your Exchange Server with the HealthChecker provided by Microsoft: https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/;
  • Scan your Exchange Server with up-to-date virus protection;
  • Review your patch strategy and ensure that critical security updates are applied outside of maintenance windows.
(Visited 158 times, 1 visits today)
h2> More articles on the topic

SECURITY NEWS

Bleiben Sie informiert über aktuelle Sicherheitsthemen – praxisnah und zuverlässig. Erhalten Sie exklusive Inhalte direkt in Ihren Posteingang. Verpassen Sie keine Updates.

Jetzt anmelden!
anmelden
You can unsubscribe at any time!
close-link