Saturday, April 13, 2024

17,000+ Microsoft Exchange Servers Vulnerable to Multiple Critical Vulnerabilities

Federal Office for Information Security (BSI) in Germany has announced that at least 17,000 Microsoft Exchange servers across the country are exposed to one or more critical vulnerabilities.

This figure only scratches the surface, as several servers remain unaccounted for, potentially harboring similar risks.

The BSI’s findings underscore a pressing cybersecurity crisis, urging immediate action from server operators.

BSI LogoClaudia Plattner, President of the BSI, expressed grave concerns over the widespread vulnerability of such crucial infrastructure.

“The presence of tens of thousands of vulnerable installations of such relevant software in Germany is unacceptable,” Plattner stated.

She emphasized the dire consequences of neglecting cybersecurity, including jeopardized IT systems, services, and sensitive data.

Plattner’s call to action is clear: cybersecurity must be at the top of the agendas for companies, organizations, and authorities.

CVE-2024-21410: A Closer Look

For nearly half of the Exchange servers, the vulnerability status concerning the critical vulnerability CVE-2024-21410 remains uncertain.

These systems are at risk unless operators have enabled extended protection since August 2022 or implemented alternative security measures.

The responsibility to assess and mitigate this vulnerability lies squarely with the server operators.

The BSI also highlighted another vulnerability in Microsoft Exchange that was recently addressed by security updates.

Failure to install these updates exacerbates the threat landscape. To combat this, the BSI’s CERT Association has been proactively informing network operators in Germany about vulnerable Exchange servers within their networks through daily, automated emails.

The Scope of Vulnerability

The BSI’s study reveals a concerning landscape: approximately 45,000 Microsoft Exchange servers in Germany are accessible online without restrictions.

About 12% operate on outdated versions that no longer receive security updates.

Furthermore, 25% of all servers run on current Exchange 2016 and 2019 versions but are behind on patch updates, leaving them susceptible to multiple critical vulnerabilities.

At least 37% of all Microsoft Exchange servers accessible from the Internet in Germany are vulnerable.

Impact on Various Sectors

The vulnerabilities have far-reaching implications, particularly affecting schools, universities, medical facilities, legal and tax advisory services, local governments, and medium-sized businesses.

Cybercriminals and state actors exploit these weaknesses to disseminate malware, conduct cyber espionage, and launch ransomware attacks.

The BSI’s study is a critical wake-up call for securing Microsoft Exchange servers against existing vulnerabilities.

Operators are strongly encouraged to update to the latest Exchange versions, install all available security updates, and configure their servers securely.

As cyber threats continue to evolve, the importance of proactive and comprehensive cybersecurity measures has never been more evident.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles