These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb

March 28, 2024 at 03:53AM

The German Federal Office for Information Security (BSI) has issued an urgent alert regarding the poor state of Microsoft Exchange Server patching in Germany. Around 12 percent of the public-facing servers in the country are running unsupported versions of Exchange Server, and around a quarter lack vital patches, making them vulnerable to cyber attacks. The BSI is urging immediate action to address these vulnerabilities and prevent potential exploitation.

Of the approximately 45,000 public-facing servers in the country running the software, around 17,000 instances are vulnerable to at least one critical vulnerability. Around 12 percent of the servers are running unsupported versions, and approximately a quarter are running versions 2016 and 2019 without vital patches, leaving at least 37 percent vulnerable.

The president of the BSI, Claudia Plattner, warned that companies, organizations, and authorities are unnecessarily endangering their IT systems and sensitive data by not addressing these vulnerabilities. The BSI is emphasizing the urgency of patching these vulnerabilities, especially the elevation-of-privilege vulnerability CVE-2024-21410, which has been identified as a particular concern.

The BSI is contacting network providers to prompt them to address any detected vulnerable systems. It also cautions that criminals are actively seeking to exploit these reported flaws. A BSI spokesperson stressed that security patches are available for these vulnerabilities and urged administrators to act quickly and consistently.