Microsoft Exchange Servers at Risk: Thousands Remain Vulnerable to Dangerous Security Flaws
- May 12, 2023
Despite the availability of patches, a shocking number of Microsoft Exchange servers continue to be exposed to high-severity security flaws, leaving thousands of devices vulnerable to dangerous remote code execution (RCE) exploits. According to a recent CyberNews report, IT teams have been slow to patch their endpoints, resulting in over 85,000 servers still being at risk from multiple RCE vulnerabilities.
These flaws, specifically CVE-2023-21529, CVE-2023-21706, and CVE-2023-21707, were identified in mid-February 2023, and Microsoft swiftly released patches to address the issue. However, many IT teams have yet to apply these critical security updates, leaving their servers exposed to potential cyber-attacks. The vulnerabilities are considered "extremely dangerous" as they can enable threat actors to run malicious code and compromise users' inboxes and email messages stored on the servers.
Research conducted by the Shadowserver Foundation put the number of vulnerable servers in February 2023 at 87,000. The CyberNews study analyzed approximately 250,000 internet-connected Microsoft Exchange servers and found that 34.33% (85,261) were still exposed to these RCE vulnerabilities, indicating that most IT teams have essentially disregarded the security threat and chosen not to apply the necessary fixes. The largest number of affected servers was found in Germany, at 18,000, followed by the United States with nearly 16,000, the United Kingdom with 3,734, and France with 2,959.
Companies in China notably prefer older versions of Microsoft Exchange 2016, despite the availability of newer versions in the 2019 and 2013 releases. While it's difficult to determine who might exploit these security flaws and to what end, CyberNews emphasized that similar vulnerabilities have been exploited in the past by Russian state-sponsored actors. These flaws resemble those used by the GRU in 2020 to launch large-scale attacks against government agencies, businesses, and organizations.
In conclusion, the apparent negligence of IT teams in patching their Microsoft Exchange servers is a cause for concern. The continuous exposure of thousands of servers to these severe security flaws puts organizations and users at risk of devastating cyber-attacks. To mitigate this threat, IT teams must promptly apply the necessary security patches and stay vigilant against potential exploits. As the digital landscape continues to evolve, it's crucial for organizations to prioritize security and ensure the protection of their systems and sensitive data.