Sunday, October 6, 2024
HomeCVE/vulnerability17,000+ Microsoft Exchange Servers Vulnerable to Multiple Critical Vulnerabilities

17,000+ Microsoft Exchange Servers Vulnerable to Multiple Critical Vulnerabilities

Published on

Federal Office for Information Security (BSI) in Germany has announced that at least 17,000 Microsoft Exchange servers across the country are exposed to one or more critical vulnerabilities.

This figure only scratches the surface, as several servers remain unaccounted for, potentially harboring similar risks.

The BSI’s findings underscore a pressing cybersecurity crisis, urging immediate action from server operators.

- Advertisement - EHA

BSI LogoClaudia Plattner, President of the BSI, expressed grave concerns over the widespread vulnerability of such crucial infrastructure.

“The presence of tens of thousands of vulnerable installations of such relevant software in Germany is unacceptable,” Plattner stated.

She emphasized the dire consequences of neglecting cybersecurity, including jeopardized IT systems, services, and sensitive data.

Plattner’s call to action is clear: cybersecurity must be at the top of the agendas for companies, organizations, and authorities.

CVE-2024-21410: A Closer Look

For nearly half of the Exchange servers, the vulnerability status concerning the critical vulnerability CVE-2024-21410 remains uncertain.

These systems are at risk unless operators have enabled extended protection since August 2022 or implemented alternative security measures.

The responsibility to assess and mitigate this vulnerability lies squarely with the server operators.

The BSI also highlighted another vulnerability in Microsoft Exchange that was recently addressed by security updates.

Failure to install these updates exacerbates the threat landscape. To combat this, the BSI’s CERT Association has been proactively informing network operators in Germany about vulnerable Exchange servers within their networks through daily, automated emails.

The Scope of Vulnerability

The BSI’s study reveals a concerning landscape: approximately 45,000 Microsoft Exchange servers in Germany are accessible online without restrictions.

About 12% operate on outdated versions that no longer receive security updates.

Furthermore, 25% of all servers run on current Exchange 2016 and 2019 versions but are behind on patch updates, leaving them susceptible to multiple critical vulnerabilities.

At least 37% of all Microsoft Exchange servers accessible from the Internet in Germany are vulnerable.

Impact on Various Sectors

The vulnerabilities have far-reaching implications, particularly affecting schools, universities, medical facilities, legal and tax advisory services, local governments, and medium-sized businesses.

Cybercriminals and state actors exploit these weaknesses to disseminate malware, conduct cyber espionage, and launch ransomware attacks.

The BSI’s study is a critical wake-up call for securing Microsoft Exchange servers against existing vulnerabilities.

Operators are strongly encouraged to update to the latest Exchange versions, install all available security updates, and configure their servers securely.

As cyber threats continue to evolve, the importance of proactive and comprehensive cybersecurity measures has never been more evident.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...