TechRadar
Sead Fadilpašić

Thousands of Microsoft servers are at risk from some serious security bugs

IT teams operating Microsoft Exchange servers are very slow at patching their endpoints, resulting in thousands of devices still being vulnerable to some high-severity flaws. 

This is according to a new report from Cybernews, which claims more than 85,000 servers are still exposed to multiple remote code execution (RCE) vulnerabilities, namely CVE-2023-21529, CVE-2023-21706, and CVE-2023-21707.

The report describes the flaws as “extremely dangerous” because they can allow threat actors to run malicious code and compromise the inboxes and email messages stored on the servers.

Disregarding the threat

The flaws were discovered in mid-February 2023, with Microsoft being quick to release a patch to address the issue. 

However, many IT teams have yet to apply these patches, the report says. In fact, as per Shadowserver Foundation data, the number of vulnerable servers in February was 87,000, meaning the vast majority of IT teams basically disregarded this security threat and simply decided not to apply the fix.

The researchers analyzed roughly 250,000 internet-connected Microsoft Exchange servers and found exactly 85,261 to be exposed to these RCE flaws (34.33%). Most of the vulnerable servers were located in Germany - 18,000 of them. 

The US is second-placed with almost 16,000 servers, followed by the UK (3,734), France (2,959), and Russia (2,775). Russia and China were particularly interesting, as companies in these countries preferred older versions of MS Exchange 2016, “although newer versions were still used in the 2019 and 2013 releases,” the researchers said. 

The impact is “roughly the same”, but the vulnerabilities are different. 

While it’s hard to determine who might use these flaws, and to what purpose, Cybernews does stress that “similar vulnerabilities” were exposed in the past by Russian state-sponsored actors. The publication claims these flaws are not unlike the ones used by the GRU in 2020 to engage in large-scale attacks against government agencies, businesses, and organizations.

Via: Cybernews
