Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

German government warns thousands of Microsoft Server instances are at risk online

Close up of a person touching an email icon.

The German government has once again warned education organizations, law firms, healthcare companies, and others, that their Microsoft Exchange servers are vulnerable, meaning they could be a prime candidate for cyberattacks.

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI) released a new security paper, in which it warned that roughly 45,000 Microsoft Exchange Servers in the country have Outlook Web Access (OWA) enabled, making them accessible from the internet. 

Of that number, roughly one in eight (12%) use Exchange instances that are long past their end-of-life dates (versions 2010 and 2013, which received their last updates in October 2020 and April 2023). Then, there are Exchange servers 2016 and 2019, 28% of which haven’t been patched for months and are vulnerable to at least one critical severity flaw that can be used to run malicious code, remotely.

"Shadow vulnerability"

"Overall, at least 37% of Exchange servers in Germany (and in many cases also the networks behind them) are severely vulnerable. This corresponds to approx. 17,000 systems. In particular, many schools and colleges, clinics, doctor's offices, nursing services and other medical institutions, lawyers and tax consultants, local governments, and medium-sized companies are affected," the BSI said in the paper, BleepingComputer translates.

This is not the first time the BSI is warning organizations in the country about Exchange. In 2021, it did the same thing, even describing the situation in the country as “situation ‘red’”, BSI reminds. “Nevertheless, the situation has not improved since then, as many Exchange server operators continue to act very carelessly and do not release available security updates in a timely manner."

Organizations using Microsoft Exchange servers should make sure they always use the latest version and apply the security patches as soon as they’re available.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.