The Federal Office for Information Security (BSI) is again warning of security gaps in Microsoft Exchange Servers. Despite previous warnings, thousands of servers remain unpatched and vulnerable to cyberattacks. What is behind this ongoing problem?
The Federal Office for Information Security (BSI) is sounding the alarm again: Thousands of Microsoft Exchange servers in Germany continue to have critical security gaps (via Günter Born). This worrying situation exists despite repeated warnings and the availability of security updates. The CERT-Bund, the BSI’s computer emergency unit, has published current figures that underline the urgency of the situation.
According to CERT-Bund, around 12,000 Microsoft Exchange Servers 2016 and 2019 can be accessed via the Internet with open Outlook Web Access (OWA), but do not have the latest security levels. This corresponds to around 28 percent of all Exchange servers of these versions in Germany. What is particularly alarming is that for around 6,500 systems, or 15 percent, the last security patch was installed over a year ago.
Two particularly critical vulnerabilities are the focus of the BSI warning. The vulnerability, known as CVE-2024-26198, allows an unauthenticated attacker to execute remote code. Microsoft has given this vulnerability a high risk score of 8.8. A patch to fix this was already released in March 2024.
Another serious vulnerability, CVE-2023-36439, allows authenticated attackers to gain extensive system privileges. This vulnerability was closed by Microsoft in November 2023. The fact that many servers are still vulnerable to these older vulnerabilities clearly shows how careless many organizations are with their IT systems.
The question that arises: Why are these critical updates not installed even though they are available for free? Experts suspect various reasons:
The consequences of this negligence can be serious. Unprotected Exchange servers are a popular target for cybercriminals, who can exploit these vulnerabilities to steal sensitive data or launch ransomware attacks.
The BSI is urging companies and organizations to update their Exchange servers immediately. The following steps are recommended:
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.
The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…
Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…
A payment card is easiest to understand when users see how it fits into real…
OnePlus will soon be history. At least in Europe and the USA. What has been…
Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…
Google appears to be starting to distribute the new immersive navigation for Google Maps. The…