March 26, 2024 at 03:26PM
The German national cybersecurity authority warned that 17,000 Microsoft Exchange servers in Germany are exposed and vulnerable to critical security flaws. Approximately 45,000 servers have Outlook Web Access enabled, with 12% using outdated versions. The BSI advised updating to secure versions, installing security updates, and restricting access to web-based services.
Key takeaways from the meeting notes are as follows:
– The German national cybersecurity authority has identified 17,000 Microsoft Exchange servers in Germany that are exposed online and vulnerable to one or more critical security vulnerabilities.
– Approximately 45,000 Microsoft Exchange servers in Germany have Outlook Web Access (OWA) enabled and are accessible from the Internet.
– Around 12% of these servers are still using outdated versions of Exchange (2010 or 2013) which have not received security updates since October 2020 and April 2023, respectively.
– Roughly 28% of Exchange 2016 or 2019 servers exposed online have not been patched for at least four months and are vulnerable to at least one critical security flaw exploitable in remote code execution attacks.
– The BSI has warned that at least 37% of Exchange servers in Germany are severely vulnerable, affecting institutions such as schools, colleges, clinics, doctor’s offices, nursing services, legal and financial services, local governments, and medium-sized companies.
– The German authorities are urging the admins of these unpatched servers to update to current Exchange versions, install available security updates, and configure instances exposed online securely.
– Admins are advised to check whether their systems are on the current Microsoft Exchange patch level and ensure that the March 2024 monthly security updates are installed.
– The BSI recommends restricting access to web-based Exchange server services such as Outlook Web Access to trusted source IP addresses or securing them via a VPN, and enabling Extended Protection on all Exchange servers.
– Shadowserver has warned that 28,500 Microsoft Exchange servers were vulnerable to ongoing CVE-2024-21410 attacks, and up to 97,000 servers could be potentially vulnerable if Extended Protection wasn’t enabled.
– Microsoft has taken steps such as automatically toggling on Extended Protection on Exchange servers and urging Exchange admins to keep their on-premises servers up-to-date to deploy emergency security patches.