The German national cybersecurity authority, BSI, has raised an alarm regarding the vulnerability of Microsoft Exchange servers in Germany, with at least 17,000 servers found exposed online. Despite previous warnings and advisories, a significant portion of these servers, including those in crucial sectors like schools, clinics, and local governments, remain vulnerable due to outdated versions and missing security updates. BSI emphasizes that approximately 37% of Exchange servers in Germany are severely vulnerable, posing significant risks to the networks they support. Urgent action is urged for server administrators to update to current Exchange versions, install available security updates promptly, and secure online instances to mitigate potential threats.
BSI’s warning highlights the persistent cybersecurity challenges faced by organizations operating Exchange servers, especially those still using outdated versions. Despite ongoing efforts to raise awareness and provide guidance, the situation has not improved significantly, leaving a large number of servers vulnerable to exploitation. Threat monitoring service Shadowserver corroborates BSI’s findings, further emphasizing the urgency of addressing these vulnerabilities to prevent potential cyberattacks.
To address the vulnerabilities, BSI recommends specific actions for server administrators, including updating to current Exchange versions and promptly installing the latest security updates. Additionally, securing online instances by restricting access to trusted source IP addresses or using VPNs is advised to mitigate the risk of unauthorized access. Furthermore, to protect against the CVE-2024-21410 critical privilege escalation vulnerability, administrators are urged to enable Extended Protection on all Exchange servers using a dedicated PowerShell script.
