20,000 Microsoft Exchange servers horribly dated and vulnerable to attacks

Tens of thousands of Microsoft Exchange servers are hopelessly outdated and therefore vulnerable to hackers. The majority of the systems are in Europe.

Tens of thousands of publicly accessible email servers run old versions of Microsoft Exchange, for which there is no longer support. The majority of systems are therefore vulnerable to attacks. More than half of the dated Exchange instances run in Europe. The figures come from the Shadowserver Foundationa non-profit organization that wants to make the internet as safe a place as possible.

Many European servers

In total, the organization sees 19,706 vulnerable servers worldwide. 10,047 dated Exchange mail servers are located in Europe. The US comes in second with 6,001 servers, which is a lot less. This shows that European organizations are a lot worse at implementing updates. A more fragmented business landscape with a greater focus on SMEs may play a role in this.

The majority of outdated systems run on Exchange Server 2013. Microsoft stopped support for this in April this year, which means that users will no longer receive security updates. Older versions of the mail server are also still in circulation.

Moreover, not all of the outdated installations run the latest available version of the Exchange software. Systems are so vulnerable to, among other things, Proxylogon. In practice, it is very dangerous not to update Microsoft Exchange servers, even though they can be accessed via the Internet.

Popular back gate

Exchange on-premises has proven time and again to be a popular vector for criminals who break into the company infrastructure through the mail service. A cracked mail server is a perfect stepping stone for more complex attacks, where attackers can gain control of the entire IT infrastructure with all the consequences that entails.

So updating is the message. Organizations that now discover that they are still running an old version and cannot immediately update must ask themselves whether they have the necessary IT knowledge in-house to secure their email systems. If that is not the case, you may wonder whether an on-premises version of your email traffic is the best option. A migration to Exchange Online, managed by Microsoft, can solve many security headaches in such a case.