Many businesses still haven’t patched their Microsoft Exchange servers

Thousands of vulnerable Exchange servers have yet to be patched

Although organizations have known for weeks now about the ProxyLogon vulnerabilities in Microsoft Exchange, new research from CyberNews has revealed that there are still more than 60,000 servers that have yet to be patched.

At the beginning of March, the software giant detected that multiple zero-day exploits were being used to attack on-premises versions of servers running its software. While Microsoft attributed the campaign to a threat actor group known as Hafnium with ties to China, these vulnerabilities are now being exploited by other threat actor groups.

Despite the fact that Microsoft has released a comprehensive security update, a one-click interim Exchange On-Premises Mitigation Tool and even step-by-step guidance to address these attacks, CyberNews' investigation shows that thousands of servers remain vulnerable.

The news outlet looked at the main vulnerability, tracked as CVE-2021-26855, and gathered data on the number of potentially vulnerable unpatched servers to discover that approximately 62,174 servers have not yet been updated.

Vulnerable servers

Of the vulnerable servers found by CyberNews, 13,877 are located in the US and over 9,000 are in Germany. In France, the UK, Italy and Russia, there are 3,387, 3,128, 2,577 and 2,517 vulnerable servers respectively. This is still an improvement over the number of vulnerable systems (120,000) when the ProxyLogon vulnerabilities were first discovered.

Now though, these vulnerable servers are being attacked in the wild by cybercriminals who are trying to infect them with the BlackKingdom ransomware. In a new blog post, director of engineering at Sophos, Mark Loman, provided further insight on the BlackKingdom ransomware, saying:

“The Black KingDom ransomware is far from the most sophisticated payload we’ve seen. In fact, our early analysis reveals that it is somewhat rudimentary and amateurish in its composition, but it can still cause a great deal of damage. It may be related to a ransomware of the same name that appeared last year on machines that, at the time, were running a vulnerable version of the Pulse Secure VPN concentrator software.”

If your organization has a Microsoft Exchange server, it is highly recommended that you follow Microsoft’s guidance and install the latest patches and bug fixes immediately, now that cybercriminals are actively targeting vulnerable servers.

Via CyberNews

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
