A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are currently vulnerable to remote code execution flaws due to their public internet exposure.
These servers are running out-of-date software that is no longer supported, so they do not receive any updates or security patches.
That leaves them exposed to a variety of security issues, some of which have critical severity ratings.
Recent internet scans conducted by The ShadowServer Foundation show that nearly 20,000 Microsoft Exchange servers that have reached the end-of-life stage are presently accessible via the public internet.
These statistics may not be indicative of the whole picture.
Yutaka Sejiyama, a Macnica security researcher, carried out additional research and identified over 30,000 Microsoft Exchange servers that have reached end-of-life status.
Sejiyama's Shodan scans discovered nearly 30,635 unsupported Microsoft Exchange devices on the public web.
One of the main concerns with these old servers is the possibility of remote code execution.
Outdated Exchange servers are vulnerable to a number of remote code execution bugs, including the critical ProxyLogon vulnerability, which can be combined with the less serious CVE-2021-27065 flaw to allow remote code execution.
According to Sejiyama's analysis of the scanned systems' build numbers, approximately 1,800 Exchange servers are still vulnerable to ProxyLogon, ProxyShell, and ProxyToken vulnerabilities.
Organisations that continue to use obsolete Exchange servers are still susceptible, even if they have implemented the available mitigations.
Microsoft strongly advises prioritising the installation of updates on servers that are exposed to the outside world.
The only option for servers that have reached the end of support is to upgrade to a version that continues to get security patches.
The identification of tens of thousands of vulnerable Microsoft Exchange servers emphasises the critical importance of updating software and applying security patches on a regular basis.
Failure to do so exposes businesses to the risk of remote code execution and other security breaches.
This Cyber News was published on www.cysecurity.news. Publication date: Tue, 05 Dec 2023 14:13:04 +0000