Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks


Hackers have thousands of vulnerable Microsoft Exchange servers to pick from

Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws.

The mail systems run a software version that is currently unsupported and no longer receives any type of updates, leaving them vulnerable to multiple security issues, some with a critical severity rating.

Exchange Server 2007 still running

Internet scans from The ShadowServer Foundation show that there are close to 20,000 Microsoft Exchange servers currently accessible over the public internet that have reached the end-of-life (EoL) stage.

On Friday, more than half of the systems were located in Europe. In North America, there were 6,038 Exchange servers, and in Asia 2,241 instances.

However, ShadowServer's statistics may not show the complete picture, as Macnica security researcher Yutaka Sejiyama discovered a little over 30,000 Microsoft Exchange servers that have reached end of support.

According to Sejiyama's scans on Shodan, in late November there were 30,635 machines on the public web running an unsupported version of Microsoft Exchange:

  • 275 instances of Exchange Server 2007
  • 4,062 instances of Exchange Server 2010
  • 26,298 instances of Exchange Server 2013

Remote code execution risk

The researcher also compared the update rate and observed that since April this year, the global number of EoL Exchange servers dropped by just 18% from 43,656, a decrease that Sejiyama considers insufficient.

“Even recently, I still see news of these vulnerabilities being exploited, and now I understand why. Many servers are still in a vulnerable state” - Yutaka Sejiyama

The ShadowServer Foundation highlights that the outdated Exchange machines exposed on the public web are vulnerable to multiple remote code execution flaws.

Some of the machines running older versions of the Exchange mail server are vulnerable to ProxyLogon, a critical security issue tracked as CVE-2021-26855, which can be chained with a less severe bug identified as CVE-2021-27065 to achieve remote code execution.

According to Sejiyama, based on the build numbers obtained from the systems during the scan, there are close to 1,800 Exchange systems that are vulnerable to either the ProxyLogon, ProxyShell, or ProxyToken vulnerabilities.
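Both scans above work the same way a defender's own inventory check does: read the Exchange build number a server advertises, map it to a product generation, and compare that generation's end-of-support date with today. The script below is an added example (not code from BleepingComputer, ShadowServer, or Sejiyama) that performs that triage over a constructed "host,version" export. The version families (8.x for Exchange 2007, 14.x for 2010, 15.0/15.1/15.2 for 2013/2016/2019) and the end-of-support dates are Microsoft lifecycle facts; the CSV layout, host names and build values are constructed for illustration.

```python
"""Triage Exchange build numbers into product generations and support status.

Added example: classifies version strings from an inventory or scan export
so unsupported (end-of-life) servers can be prioritised for upgrade.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional, Union

# Build-number families per release and Microsoft's published end-of-support
# dates. Exchange 2010 shipped as 14.0 through 14.3 across its service packs,
# so it (like 2007) is keyed on the major version alone; the 15.x line is
# split by minor version.
RELEASES = {
    8: ("Exchange Server 2007", date(2017, 4, 11)),
    14: ("Exchange Server 2010", date(2020, 10, 13)),
    (15, 0): ("Exchange Server 2013", date(2023, 4, 11)),
    (15, 1): ("Exchange Server 2016", date(2025, 10, 14)),
    (15, 2): ("Exchange Server 2019", date(2025, 10, 14)),
}

# Constructed scan export (hypothetical hosts and builds, "host,version").
CONSTRUCTED_SCAN = """\
mail-a.example.test,15.0.1497.48
mail-b.example.test,15.1.2507.35
mail-c.example.test,14.3.513.0
mail-d.example.test,8.3.83.6
mail-e.example.test,Version 15.2 (Build 1258.12)
mail-f.example.test,not-an-exchange-banner
"""


@dataclass
class Verdict:
    host: str
    build: str
    product: str                     # release name or "unknown"
    end_of_support: Optional[date]   # None when the build was not recognised
    unsupported: bool                # True when the release is past end of support


def _as_date(value: Union[str, date]) -> date:
    """Accept either a date or an ISO 'YYYY-MM-DD' string."""
    return date.fromisoformat(value) if isinstance(value, str) else value


def parse_build(text: str):
    """Return (major, minor, build, revision) from a raw version string.

    Accepts the dotted form '15.0.1497.48' and the AdminDisplayVersion form
    'Version 15.0 (Build 1497.48)'. Returns None when fewer than two numeric
    components are present (not an Exchange version string).
    """
    nums = [int(n) for n in re.findall(r"\d+", text)]
    if len(nums) < 2:
        return None
    return tuple(nums[:4])


def identify(build_text: str, as_of: Union[str, date]):
    """Map a build string to (product name, end-of-support date, unsupported?)."""
    parsed = parse_build(build_text)
    if parsed is None:
        return "unknown", None, False
    major, minor = parsed[0], parsed[1]
    entry = RELEASES.get(major) or RELEASES.get((major, minor))
    if entry is None:
        return "unknown", None, False
    name, eol = entry
    return name, eol, _as_date(as_of) > eol


def triage(scan_csv: str, as_of: Union[str, date]):
    """Parse 'host,version' lines and return one Verdict per line."""
    verdicts = []
    for line in scan_csv.strip().splitlines():
        host, _, build = line.partition(",")
        product, eol, unsupported = identify(build.strip(), as_of)
        verdicts.append(Verdict(host.strip(), build.strip(), product, eol, unsupported))
    return verdicts


def summarize(verdicts):
    """Count unsupported hosts per release, like the per-version tallies above."""
    counts = {}
    for v in verdicts:
        if v.unsupported:
            counts[v.product] = counts.get(v.product, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(CONSTRUCTED_SCAN, "2023-12-01")
    for v in results:
        state = "UNSUPPORTED" if v.unsupported else ("ok" if v.product != "unknown" else "unknown")
        print(f"{v.host:24} {v.product:22} {state}")
    print(summarize(results))
```

Feed it the output of `Get-ExchangeServer | Select Name,AdminDisplayVersion` (or any scanner's version column) and the summary gives the same kind of per-release count that the ShadowServer and Shodan figures report, but for your own estate. The `as_of` parameter exists so the same export can be re-evaluated against a future date, which is how the 2016/2019 line flips to unsupported in October 2025.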

ShadowServer notes that the machines in its scans are vulnerable to the following security flaws:

  • CVE-2020-0688
  • CVE-2021-26855 - ProxyLogon
  • CVE-2021-27065 - part of the ProxyLogon exploit chain
  • CVE-2022-41082 - part of the ProxyNotShell exploit chain
  • CVE-2023-21529
  • CVE-2023-36745
  • CVE-2023-36439

Although most of the vulnerabilities above do not have a critical severity score, Microsoft rated them as “important.” Furthermore, except for the ProxyLogon chain - which has been exploited in attacks, all of them were tagged as “more likely” to be exploited.

Even if companies still running outdated Exchange servers have implemented the available mitigations, that measure is not enough, as Microsoft recommends prioritizing the installation of updates on servers that are externally facing.

For instances that have reached the end of support, the only remaining option is to upgrade to a version that still receives at least security updates.