Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks

Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws.
The mail systems run a software version that is currently unsupported and no longer receives any type of updates, being vulnerable to multiple security issues, some with a critical severity rating.
Internet scans from The ShadowServer Foundation show that there are close to 20,000 Microsoft Exchange servers currently reachable over the public internet that have reached the end-of-life stage.
On Friday, more than half of the systems were located in Europe.
In North America, there were 6,038 Exchange servers, and in Asia 2,241 instances.
ShadowServer's statistics may not show the complete picture as Macnica security researcher Yutaka Sejiyama discovered a little over 30,000 Microsoft Exchange servers that reached end of support.
The researcher also compared the update rate and observed that since April this year, the global number of EoL Exchange servers dropped by just 18% from 43,656, a decrease that Sejiyama feels is insufficient.
"Even recently, I still see news of these vulnerabilities being exploited, and now I understand why. Many servers are still in a vulnerable state" - Yutaka Sejiyama.
The ShadowServer Foundation highlights that the outdated Exchange machines discovered on the public web were vulnerable to multiple remote code execution flaws.
Some of the machines running older versions of the Exchange mail server are vulnerable to ProxyLogon, a critical security issue tracked as CVE-2021-26855, that can be chained with a less severe bug identified as CVE-2021-27065 to achieve remote code execution.
According to Sejiyama, based on the build numbers obtained from the systems during the scan, there are close to 1,800 Exchange systems that are vulnerable to either ProxyLogon, ProxyShell, or ProxyToken vulnerabilities.
Although most of the vulnerabilities above do not have a critical severity score, Microsoft marked them as "Important." Furthermore, except for the ProxyLogon chain - which has been exploited in attacks, all of them were tagged as "More likely" to be exploited.
Even if companies still running outdated Exchange servers have implemented available mitigations, the measure is not sufficient as Microsoft recommends prioritizing the installation of updates on the servers that are externally facing.
In the case of instances that reached the end of support the only option remaining is to upgrade to a version that still receives at least security updates.
New Microsoft Exchange zero-days allow RCE, data theft attacks.
Upgrade to hybrid work with $400 off a refurbished Surface 3 laptop.
Microsoft is killing WordPad in Windows after 28 years.
Learn Azure at your own pace with $77 off this exam prep bundle.
Work anywhere with a refurbished Microsoft Surface Pro 6 for $393.99.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 02 Dec 2023 18:55:18 +0000


Cyber News related to Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks

The ticking time bomb of Microsoft Exchange Server 2013 - This is, of course, a common issue since 2021 or so, due to Exchange Server security woes- however there has been an abnormally high increase in the past few months, making me think there was some kind of Exchange Server zero day perhaps. In my own ...
11 months ago Doublepulsar.com
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks - Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. The mail systems run a software version that is currently unsupported and no longer ...
1 year ago Bleepingcomputer.com
Thousands of Outdated Microsoft Exchange Servers are Susceptible to Cyber Attacks - A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are currently vulnerable to remote code execution flaws due to their public internet exposure. These servers are running out-of-date software that is no longer ...
1 year ago Cysecurity.news
Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug - Microsoft has identified one of the critical vulnerabilities in Exchange Server that the company disclosed in February's Patch Tuesday update as actually being a zero-day threat that attackers are already actively exploiting. CVE-2024-21410 is an ...
9 months ago Darkreading.com
Over 28,500 Exchange servers vulnerable to actively exploited bug - Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. Microsoft addressed the issue on Fenruary 13, when it had already been ...
9 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Microsoft Exchange 2019 has reached end of mainstream support - Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. Starting today, the company says it will no longer accept requests for bug fixes and Design Change Requests, but it ...
10 months ago Bleepingcomputer.com
Microsoft Urges Admins to Patch On-Premises Exchange Servers: Updated Security Advice - Microsoft recently released updated guidelines and security advice regarding on-premises Exchange server environments. The company reminded administrators that patching their Exchange servers is essential to prevent cyberattacks and ensure their ...
1 year ago Bleepingcomputer.com
Fancy Bear hackers still exploiting Microsoft Exchange flaw - A Russian nation-state group continues to exploit a critical Microsoft vulnerability that was patched eight months ago to gain access to emails within victim organizations' Exchange servers. In March, Microsoft disclosed a zero-day elevation of ...
1 year ago Techtarget.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
11 months ago Microsoft.com
Microsoft Exchange Servers Vulnerable to Cyberattacks - Microsoft Exchange Servers are becoming increasingly vulnerable to cyberattacks due to unpatched security vulnerabilities. Microsoft has recently released several critical patches for Exchange Servers, but it is still not enough to prevent possible ...
1 year ago Hackread.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
2 months ago Aws.amazon.com
New Microsoft Exchange zero-days allow RCE, data theft attacks - Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. The zero-day vulnerabilities were disclosed by Trend Micro's ...
1 year ago Bleepingcomputer.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
10 months ago Bleepingcomputer.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
10 months ago Microsoft.com
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day - More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198. There is no patch or a workaround available and the only ...
1 year ago Bleepingcomputer.com
CVE-2021-20698 - Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
CVE-2021-20699 - Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
Microsoft extends Purview Audit log retention after July breach - Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July. The list of affected organizations included government ...
1 year ago Bleepingcomputer.com
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. Published with the name Ledger Live Web3, the fake application ...
1 year ago Bleepingcomputer.com
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
11 months ago Techtarget.com
Microsoft: Over 100 Threat Actors Deploy Ransomware in Attacks - Microsoft revealed that its security teams are tracking over 100 threat actors deploying ransomware during attacks. The company monitors over 50 unique ransomware families that were actively used until the end of last year, including Lockbit Black, ...
1 year ago Bleepingcomputer.com
Recently patched CUPS flaw can be used to amplify DDoS attacks - As Akamai security researchers found, a CVE-2024-47176 security flaw in the cups-browsed daemon that can be chained with three other bugs to gain remote code execution on Unix-like systems via a single UDP packet can also be leveraged to ...
2 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)