German cybersecurity authority uncovers 17,000 exposed Microsoft Exchange servers

The authority noted that the servers are exposed to critical security vulnerabilities due to outdated versions and inadequate patching.

The German national cybersecurity authority issued a warning that over 17,000 Microsoft Exchange servers across Germany are currently exposed online, leaving them vulnerable to one or more critical security vulnerabilities.

According to the German Federal Office for Information Security (BSI), approximately 45,000 Microsoft Exchange servers in Germany have Outlook Web Access (OWA) enabled, rendering them accessible from the internet. A significant portion of these servers, around 12%, are still reliant on outdated versions of Exchange (specifically 2010 or 2013) that have not received crucial security updates since October 2020 and April 2023, respectively.

Of the internet-exposed servers running Exchange 2016 or 2019, nearly 28% have gone unpatched for at least four months, leaving them susceptible to critical security flaws that are exploitable through remote code execution attacks.

Despite repeated warnings by the BSI since 2021 regarding the active exploitation of critical vulnerabilities in Microsoft Exchange, at times escalating the IT threat level to 'red', the situation has shown little improvement. The BSI notes that many Exchange server operators continue to act negligently by failing to promptly apply available security updates.

The BSI concludes by urging administrators of these unpatched servers to move to a currently supported Exchange version, apply all available security updates without delay, and harden internet-exposed instances with the strictest security configuration.