Critical vulnerabilities in Exchange servers. Immediate action required!

hasan018542 · Post by **hasan018542** » Wed Jan 29, 2025 10:04 am

According to information from the IT service provider Shodan, tens of thousands of Exchange servers in Germany are vulnerable to attack via the Internet and are very likely already infected with malware. Organizations of all sizes are affected. The Federal Office for Information Security (BSI) has begun to inform potentially affected parties. It recommends that all operators of affected Exchange servers immediately install the patches provided by Microsoft .

During the night of Wednesday, March 3, 2021, Microsoft released new security updates for the "Exchange Server" product at short notice, which close four vulnerabilities. These are currently being actively exploited by a group of attackers. They can be exploited via remote access from the Internet. In addition, Exchange servers have high rights in the Active Directory by default in many morocco gambling data infrastructures. It is conceivable that further attacks with the rights of a taken over Exchange server could potentially compromise the entire domain with little effort. Systems that have not yet been patched should be assumed to be compromised. Due to the public availability of so-called proof-of-concept exploit codes and strong worldwide scanning activities, the BSI currently sees a very high risk of attack.

The BSI strongly recommends installing the security updates provided by Microsoft . Vulnerable Exchange systems should be urgently checked for any abnormalities due to the very high risk of attack. The BSI Situation Center works 24/7. Affected organizations can find information here: https://www.bsi.bund.de/DE/IT-Sicherhei ... _node.html . Information about the warning can be found here: https://www.bsi.bund.de/DE/Themen/Unter ... _node.html

What makes matters worse is that thousands of systems still have vulnerabilities that have been known for over a year and have not yet been patched. Small and medium-sized enterprises (SMEs) in particular could be affected by this. In addition to accessing the email communication of the respective companies, attackers can often also gain access to the entire company network via such vulnerable server systems.