Safety Detectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

17,000 Microsoft Exchange Servers Exposed to Critical Bugs

Penka Hristovska
Penka Hristovska
Published on: April 3, 2024
Penka Hristovska Penka Hristovska
Published on: April 3, 2024

Germany’s leading cybersecurity agency is urging vulnerable organizations to update their outdated Microsoft Exchange software and apply all available security updates.

The German Federal Office for Information Security (BSI) reported that at least 17,000 Exchange servers are at risk due to one or more critical flaws. Cybercriminals and state-sponsored actors are already exploiting many of these vulnerabilities to distribute malware and conduct cyber espionage or ransomware attacks, the agency noted.

The report didn’t point to any examples, but it said local schools, universities, medical facilities, judicial services, local governments, and medium-sized businesses are facing serious threats.

The BSI says it has repeatedly warned about the active exploitation of critical vulnerabilities in Microsoft Exchange since 2021, even temporarily elevating the IT threat level to “red.”

“Nevertheless, the situation has not improved since then, as many Exchange server operators continue to be very negligent in providing security updates,” the report said.

A lot of companies are too slow to address vulnerabilities with available fixes. Even with critical vulnerabilities, it may take months or more for administrators to apply patches. These delays create the perfect opportunities that criminals actively seek.

A total of 45,000 Microsoft Exchange servers in Germany are currently accessible from the internet, the agency explained, and about 12% of these servers are so outdated that they no longer receive security updates.

Furthermore, around 25% of all servers in Germany use the 2016 and 2019 versions of Exchange but haven’t updated to the latest patches, leaving these servers exposed to several critical vulnerabilities.

“The fact that there are tens of thousands of vulnerable installations of such relevant software in Germany must not happen,” said Claudia Plattner, president of the BSI.

“Companies, organizations, and authorities unnecessarily endanger their IT systems and thus their added value, their services or their own and third-party data, which may be highly sensitive. Cybersecurity must finally be high on the agenda. There is an urgent need for action!,” she added.

About the Author
Penka Hristovska
Penka Hristovska
Editor
Published on: April 3, 2024

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.