
17000 Microsoft Exchange servers in Germany exposed online are at risk

The German national cybersecurity authority warned about it

Published on March 27, 2024

The German national cybersecurity authority recently warned that more than 17,000 Microsoft Exchange servers in Germany are vulnerable to one or more critical security vulnerabilities.

According to the German Federal Office for Information Security (BSI), approximately 45,000 Microsoft Exchange servers in Germany have Outlook Web Access (OWA) enabled and are reachable from the Internet.

Of these, 12% run the outdated Exchange 2010 and 2013 versions, which have not received security updates since October 2020 and April 2023, respectively.

Among the newer versions, Exchange 2016 and 2019, 28% have not received any security update for four months and are vulnerable to one or more critical security flaws that could be exploited in the prevalent remote code execution attacks.

In its report, the BSI warned:

Overall, at least 37% of Exchange servers in Germany (and in many cases also the networks behind them) are severely vulnerable. This corresponds to approx. 17,000 systems. In particular, many schools and colleges, clinics, doctor’s offices, nursing services and other medical institutions, lawyers and tax consultants, local governments, and medium-sized companies are affected.

As early as 2021, the BSI warned several times against the active exploitation of critical vulnerabilities in Microsoft Exchange and temporarily called the IT threat situation ‘red.’ Nevertheless, the situation has not improved since then, as many Exchange server operators continue to act very carelessly and do not release available security updates in a timely manner.

The BSI therefore recommended that admins of these unpatched servers keep their Exchange versions up to date and install all security updates as soon as they become available.

Admins should also verify that all their systems are on the latest Microsoft Exchange patch level and that the March security update is installed correctly on their machines. Here are the details of the versions available:

The BSI urged restricting access to web-based Exchange services such as Outlook Web Access to trusted source IP addresses, or allowing access to them only through a trustworthy VPN.

In addition, the BSI noted that, to prevent exploitation of the critical CVE-2024-21410 privilege escalation vulnerability disclosed by Microsoft, admins should enable Extended Protection on all Exchange servers using a PowerShell script.

Microsoft now enables Extended Protection automatically on Exchange servers starting with the February 2024 H1 Cumulative Update (CU14). This step followed an alert from Shadowserver, a threat-monitoring service, that 28,500 Microsoft Exchange servers were vulnerable to ongoing CVE-2024-21410 attacks.
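The two checks the BSI asks for, patch level and Extended Protection status, can be audited from the Exchange Management Shell. The script below is an added example written for this article, not Microsoft's Extended Protection script or anything published by the BSI; it assumes it runs on an Exchange 2016/2019 server with the IIS WebAdministration module installed and the front-end site named "Default Web Site", and the list of virtual directories to inspect is a constructed sample.

```powershell
# Added audit example (not from the article, Microsoft or the BSI).
# Run in the Exchange Management Shell on each Exchange 2016/2019 server.
Import-Module WebAdministration

# 1. Record the installed build of every server in the organization.
#    Compare AdminDisplayVersion with Microsoft's published build table
#    for the March security update to confirm the patch level.
Get-ExchangeServer |
    Select-Object Name, ServerRole, AdminDisplayVersion |
    Format-Table -AutoSize

# 2. Report the Extended Protection setting on the externally reachable
#    virtual directories of the front-end site. 'Require' is the enforced
#    state; 'None' means Extended Protection is not active on that path.
#    Constructed sample list (assumption): adjust to your deployment.
$vdirs = 'owa', 'ecp', 'EWS', 'Microsoft-Server-ActiveSync', 'OAB', 'Rpc', 'mapi'
$site  = 'IIS:\Sites\Default Web Site'   # assumed front-end site name
$filter = 'system.webServer/security/authentication/windowsAuthentication/extendedProtection'

$report = foreach ($v in $vdirs) {
    $path = Join-Path $site $v
    if (-not (Test-Path $path)) { continue }   # vdir absent on this role
    $tokenChecking = (Get-WebConfigurationProperty -PSPath $path `
        -Filter $filter -Name 'tokenChecking').Value
    [pscustomobject]@{
        VirtualDirectory = $v
        TokenChecking    = $tokenChecking
        Enforced         = ($tokenChecking -eq 'Require')
    }
}

$report | Format-Table -AutoSize

# Anything not enforced is flagged so it can be followed up with
# Microsoft's Extended Protection configuration script.
$notEnforced = $report | Where-Object { -not $_.Enforced }
if ($notEnforced) {
    Write-Warning ("Extended Protection not enforced on: " +
        (($notEnforced.VirtualDirectory) -join ', '))
}
```

Microsoft's own Extended Protection script deliberately sets some paths to a value other than 'Require', so treat the warning as a prompt to compare against Microsoft's documented expected values rather than as a defect on its own.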

What are your thoughts on the matter? Share your opinions with our readers in the comments section below.

Srishti Sisodia

Windows Software Expert

Srishti Sisodia is an electronics engineer and writer with a passion for technology. She has extensive experience exploring the latest technological advancements and sharing her insights through informative blogs.

Her diverse interests bring a unique perspective to her work, and she approaches everything with commitment, enthusiasm, and a willingness to learn. That’s why she’s part of Windows Report’s Reviewers team, always willing to share the real-life experience with any software or hardware product. She’s also specialized in Azure, cloud computing, and AI.
