German Cybersecurity Authority Raises Alarm Over 17K Vulnerable Microsoft Exchange Servers

March 26, 2024

The German Federal Office for Information Security (BSI) has identified a significant security concern, with approximately 17,000 Microsoft Exchange servers in Germany found to be exposed online and vulnerable to one or more critical security vulnerabilities.

These servers, many of which are operated by educational institutions, healthcare providers, legal and financial consultants, local governments, and mid-sized businesses, are reachable from the internet because Outlook Web Access (OWA) is enabled on them. The BSI found that around 12% of them still run Exchange versions that are out of support (2010 or 2013), which have received no security updates since October 2020 and April 2023 respectively, so any vulnerability found in them since then remains unpatched.

For those servers running on Exchange 2016 or 2019, approximately 28% have not been updated with patches for at least four months, leaving them susceptible to critical security flaws that can be exploited for remote code execution attacks. The BSI states, "Overall, at least 37% of Exchange servers in Germany (and in many cases also the networks behind them) are severely vulnerable. This corresponds to approx. 17,000 systems."

Despite repeated warnings from the BSI in 2021 about active exploitation of critical vulnerabilities in Microsoft Exchange, the situation has not improved: many server operators still fail to install available security updates in a timely manner. The BSI has urged administrators to keep their servers on a supported version, install all available security updates, and ensure that exposed instances are securely configured.

To protect against active exploitation of CVE-2024-21410, a critical privilege-escalation vulnerability that Microsoft disclosed last month, administrators are advised to enable Extended Protection on all Exchange servers using Microsoft's dedicated PowerShell script. The threat monitoring service Shadowserver warned in February that 28,500 Microsoft Exchange servers were vulnerable to ongoing CVE-2024-21410 attacks and, consistent with the BSI's findings, reported that up to 97,000 servers, more than 22,000 of them in Germany, could be vulnerable if Extended Protection is not enabled.

Microsoft now enables Extended Protection automatically when the 2024 H1 Cumulative Update for Exchange Server 2019 (CU14), released in February 2024, is installed. A year ago, Microsoft urged Exchange admins to keep their on-premises servers up to date so that they are always ready to deploy emergency security patches.
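The two conditions the BSI and Shadowserver counted, an out-of-date build and Extended Protection not enforced, can be checked across an organisation from the Exchange Management Shell. The script below is an added example written for this page; it is not the BSI's tooling and not Microsoft's script (Microsoft's own script for enabling Extended Protection is ExchangeExtendedProtectionManagement.ps1). The minimum build numbers in `$MinimumBuild` and the list of virtual directories expected to be set to `Require` are assumptions that must be verified against Microsoft's Exchange build-number table and Extended Protection documentation before the output is trusted.

```powershell
# Added example, not from the BSI advisory or from Microsoft.
# Run from the Exchange Management Shell with WinRM access to every server.

# ASSUMPTION: the latest Security Update build per supported major.minor
# version (15.1 = Exchange 2016, 15.2 = Exchange 2019). Verify these against
# Microsoft's Exchange build-number table before use; they go stale monthly.
$MinimumBuild = @{
    '15.1' = [version]'15.1.2507.37'
    '15.2' = [version]'15.2.1544.9'
}

function Get-ExchangeBuild {
    param([string]$ComputerName)
    # ExSetup.exe's file version changes with each Security Update, whereas
    # AdminDisplayVersion from Get-ExchangeServer only reflects the Cumulative
    # Update level, so it cannot tell a patched server from an unpatched one.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $exsetup = Join-Path $env:ExchangeInstallPath 'bin\ExSetup.exe'
        [version](Get-Item $exsetup).VersionInfo.ProductVersion
    }
}

function Get-ExtendedProtectionStatus {
    param([string]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Import-Module WebAdministration
        # ASSUMPTION: front-end virtual directories that Microsoft's guidance
        # sets to 'Require'. Some directories are expected to be 'Allow' or
        # 'None'; the full table is in the Extended Protection documentation.
        foreach ($vdir in 'owa', 'ecp', 'mapi', 'rpc', 'oab') {
            $auth = Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' `
                -Location "Default Web Site/$vdir" `
                -Filter 'system.webServer/security/authentication/windowsAuthentication'
            [pscustomobject]@{
                VirtualDirectory = $vdir
                # 'Require' enforces channel binding; 'Allow' or 'None' leaves
                # an NTLM relay against this endpoint unblocked.
                TokenChecking    = [string]$auth.extendedProtection.tokenChecking
            }
        }
    }
}

function Get-ExchangeExposureReport {
    # Edge Transport servers have no IIS front end and are skipped.
    foreach ($server in Get-ExchangeServer | Where-Object { $_.ServerRole -ne 'Edge' }) {
        $build = Get-ExchangeBuild -ComputerName $server.Fqdn
        $key   = '{0}.{1}' -f $build.Major, $build.Minor
        $ep    = Get-ExtendedProtectionStatus -ComputerName $server.Fqdn

        [pscustomobject]@{
            Server          = $server.Name
            Build           = $build.ToString()
            # A version not in the table (e.g. 14.x = Exchange 2010,
            # 15.0 = Exchange 2013) has no updates to apply at all.
            Supported       = $MinimumBuild.ContainsKey($key)
            Patched         = $MinimumBuild.ContainsKey($key) -and ($build -ge $MinimumBuild[$key])
            EPEnforced      = @($ep | Where-Object { $_.TokenChecking -ne 'Require' }).Count -eq 0
            NotRequireVdirs = ($ep | Where-Object { $_.TokenChecking -ne 'Require' } |
                               ForEach-Object { "$($_.VirtualDirectory)=$($_.TokenChecking)" }) -join ', '
        }
    }
}

Get-ExchangeExposureReport | Format-Table -AutoSize
```

Any row with `Supported` false needs a migration, not a patch; a row with `Patched` false needs the current Security Update; a row with `EPEnforced` false is the population Shadowserver counted for CVE-2024-21410. Before turning Extended Protection on, check the prerequisites Microsoft lists: the TLS connection must terminate on the Exchange server itself (a load balancer doing TLS offloading breaks channel binding), and TLS settings must be consistent across all servers, otherwise clients are locked out rather than protected.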
