Thousands of Microsoft Exchange servers left open to attack

These servers are located mostly in Europe (more than half), the United States (around 6,000), and different Asian countries (around 2,200), it was said.

Exploiting the flaws

But security researcher Yutaka Sejiyama from Macnica believe that the problem is even bigger than that. They took to Shodan to scan for vulnerable Exchange servers and found more than 30,000 endpoints, and that as of late November 2023, there were more than 26,000 instances of Exchange Server 2013, more than 4,000 Server 2010 instances, and 275 instances of Exchange Server 2007.

Earlier this year, in April, there were only 18% more vulnerable servers, which Sejiyama says is too slow of an upgrade rate.

“Even recently, I still see news of these vulnerabilities being exploited, and now I understand why. Many servers are still in a vulnerable state,” Sejiyama said.

Microsoft Exchange email servers are a popular target among cybercriminals as they allow them easy access into the target network, and often contain sensitive information such as login credentials, important communication, and vital files. In January this year, The ShadowServer Foundation warned that companies were too slow to patch their servers against ProxyNotShell, a vulnerability that allowed threat actors to execute malicious code, remotely.

The best way to remain secure against ProxyNotShell and other pests invading Exchange servers is to use the latest version of the software and keep it updated at all times.

Via BleepingComputer

More from TechRadar Pro

• Thousands of Microsoft Exchange servers are still vulnerable to this dangerous flaw
• Here's a list of the best firewalls today
• These are the best endpoint protection software right now