Tens of thousands of Microsoft Exchange servers are vulnerable to remote code execution

Brother

More than 20,000 servers are affected by known and uncorrected problems.

Tens of thousands of Microsoft Exchange email servers in Europe, the United States, and Asia that are accessible over the Internet are vulnerable to Remote Code Execution (RCE) vulnerabilities. The key problem is that these servers run on an outdated and unsupported version of the software, which makes them vulnerable to many critical security issues.

According to the results of the ShadowServer scan, about 20,000 Microsoft Exchange servers that are no longer receiving support are available online. The largest number of such servers is found in Europe (over 10,000), North America (over 6,000), and Asia (over 2,200). However, according to Macnica, the real number may exceed 30,000, indicating a larger problem.

Macnica notes that since April 2023, the number of legacy servers has decreased by just 18%, from 43,656 to 30,635. This slow decline in the number of vulnerable systems is worrisome, as many of them are vulnerable to dangerous vulnerabilities, including ProxyLogon (CVE-2021-26855) and others that can be used for remote code execution.

ShadowServer highlights the following vulnerabilities found during scans:
  • CVE-2020-0688 (CVSS: 8.8);
  • CVE-2021-26855 (CVSS: 9.8) (ProxyLogon);
  • CVE-2021-27065 (CVSS: 7.8) (part of the ProxyLogon exploit chain);
  • CVE-2022-41082 (CVSS: 8.8) (part of the ProxyNotShell exploit chain);
  • CVE-2023-21529 (CVSS: 8.8);
  • CVE-2023-36745 (CVSS: 8.0);
  • CVE-2023-36439 (CVSS: 8.0).

Although most of these vulnerabilities are not considered critical, Microsoft has classified them as important, and many of them are considered likely candidates for exploitation in attacks.

The situation is complicated by the fact that even if companies using outdated servers apply available security measures, this may not be enough. Microsoft recommends installing updates on servers with external access first. For systems that have reached the end of their support period, the only solution is to upgrade to a newer version that is still receiving security updates.