German Cybersecurity Authority Raises Alarm Over 17K Vulnerable Microsoft Exchange Servers

March 26, 2024

The German Federal Office for Information Security (BSI) has identified a significant security concern, with approximately 17,000 Microsoft Exchange servers in Germany found to be exposed online and vulnerable to one or more critical security vulnerabilities.

These servers, many of which are used by educational institutions, healthcare providers, legal and financial consultants, local governments, and mid-sized businesses, are accessible from the internet due to enabled Outlook Web Access (OWA). The BSI has found that around 12% of these servers are utilizing outdated Exchange versions (2010 or 2013), which haven't received security updates since October 2020 and April 2023, respectively.

For those servers running on Exchange 2016 or 2019, approximately 28% have not been updated with patches for at least four months, leaving them susceptible to critical security flaws that can be exploited for remote code execution attacks. The BSI states, "Overall, at least 37% of Exchange servers in Germany (and in many cases also the networks behind them) are severely vulnerable. This corresponds to approx. 17,000 systems."

Despite repeated warnings from the BSI in 2021 regarding the active exploitation of critical vulnerabilities in Microsoft Exchange, the situation has not improved. Many server operators continue to neglect the release of available security updates in a timely manner. The BSI has urged administrators to keep their servers updated, install all available security updates, and ensure secure configuration of exposed instances.

To protect against active exploitation of the CVE-2024-21410 critical privilege escalation vulnerability disclosed by Microsoft last month, administrators are advised to enable Extended Protection on all Exchange servers using a dedicated PowerShell script. The threat monitoring service Shadowserver warned in February that 28,500 Microsoft Exchange servers were vulnerable to ongoing CVE-2024-21410 attacks, and confirmed BSI's findings that up to 97,000 servers, including over 22,000 from Germany, could be potentially vulnerable if Extended Protection wasn't enabled.

Microsoft is now automatically enabling Extended Protection on Exchange servers after installing the February 2024 H1 Cumulative Update (CU14). A year ago, Microsoft urged Exchange admins to keep their on-premises servers up-to-date, so they're always ready to deploy emergency security patches.

Related News

• Russian Hackers Launch Widespread Cyberattacks Targeting Global Intelligence
• Critical Security Flaw Actively Exploited, Leaving Over 28,500 Exchange Servers at Risk
• Microsoft Warns of Critical Exchange Server Bug Exploited as Zero-Day

Latest News

• ShadowRay: Hackers Exploit Unpatched Ray Framework Vulnerability to Breach Servers
• Mozilla Quickly Patches Two Zero-Day Vulnerabilities Exposed at Pwn2Own Vancouver 2024
• China-Linked Threat Cluster Exploits Connectwise, F5 Software Vulnerabilities
• Critical Fortinet RCE Bug Exploited in Attacks: Security Researchers Release PoC Exploit
• Ivanti Alerts Customers to Critical Sentry RCE Vulnerability, Releases Urgent Patch