Thousands of Microsoft Exchange servers left open to attack

A woman shocked at the email she just accidentally sent
(Image credit: Shutterstock)

Thousands of companies around the world are running extremely behind on updating their Microsoft Exchange email servers, putting their organizations at enormous risk of malware, data theft, ransomware, and other cyber threats.

A new report from The ShadowServer Foundation uncovered almost 20,000 internet-connected servers running versions of software that reached end-of-life (EoL) and are as such no longer receiving critical security updates.

These servers are located mostly in Europe (more than half), the United States (around 6,000), and different Asian countries (around 2,200), it was said.

Exploiting the flaws

But security researcher Yutaka Sejiyama from Macnica believe that the problem is even bigger than that. They took to Shodan to scan for vulnerable Exchange servers and found more than 30,000 endpoints, and that as of late November 2023, there were more than 26,000 instances of Exchange Server 2013, more than 4,000 Server 2010 instances, and 275 instances of Exchange Server 2007.

Earlier this year, in April, there were only 18% more vulnerable servers, which Sejiyama says is too slow of an upgrade rate.

“Even recently, I still see news of these vulnerabilities being exploited, and now I understand why. Many servers are still in a vulnerable state,” Sejiyama said.

Microsoft Exchange email servers are a popular target among cybercriminals as they allow them easy access into the target network, and often contain sensitive information such as login credentials, important communication, and vital files. In January this year, The ShadowServer Foundation warned that companies were too slow to patch their servers against ProxyNotShell, a vulnerability that allowed threat actors to execute malicious code, remotely.

The best way to remain secure against ProxyNotShell and other pests invading Exchange servers is to use the latest version of the software and keep it updated at all times.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.