It looks like we're heading for the next cyberattack disaster. Network scans by security researchers have found around 20,000 Microsoft Exchange servers that are accessible via the internet and vulnerable to remote code execution attacks. The Exchange servers are located in Asia, Europe and the USA and can no longer be patched, as they have reached the end of their life cycle and have fallen out of support. They are a worthwhile target for cyber attackers, who can hardly keep up with how quickly security gaps are growing on the Internet.
Our colleagues at Bleeping Computer mentioned the problem in the following tweet and in this article. The ShadowServer Foundation recently ran internet scans for Microsoft Exchange servers to find out whether there are instances that are accessible via the internet but have already reached the end-of-life (EoL) stage.
The result, which was published here, is frightening. Internet scans by The ShadowServer Foundation show that there are currently almost 20,000 Microsoft Exchange servers accessible via the public Internet that have reached the end-of-life (EoL) stage. This means that there are people who operate an Exchange server that is publicly accessible via the Internet and for which there are no more updates. The old Exchange Server versions are susceptible to several security vulnerabilities, some of which are classified as critical.
The vulnerable Microsoft Exchange email servers are located in Asia, Europe and the USA. In Europe, there are around 10,000 of these out-of-date and out-of-support Exchange servers that are vulnerable via the Internet. North America has around 6,000 instances that are EoL.
However, it could be that some of these servers are "honeypots" that have been deliberately exposed on the Internet as EoL systems.
Our colleagues at Bleeping Computer have picked up on information from Macnica security researcher Yutaka Sejiyama, who claims to have discovered just over 30,000 Microsoft Exchange servers that have reached end of support. Sejiyama ran scans via Shodan and, at the end of November, found 30,635 systems on the Internet running an unsupported version of Microsoft Exchange. Here are his statistics:
- 275 instances of Exchange Server 2007
- 4,062 instances of Exchange Server 2010
- 26,298 instances of Exchange Server 2013
The ShadowServer Foundation writes that these outdated Exchange servers are prone to multiple remote code execution vulnerabilities. Some of these Exchange servers are vulnerable to ProxyLogon (CVE-2021-26855), which can be coupled with CVE-2021-27065 for remote code execution. According to Sejiyama, there are nearly 1,800 Exchange systems vulnerable to either ProxyLogon, ProxyShell or ProxyToken. Bleeping Computer has published a list of the vulnerabilities found in the instances.