According to recent scans by The ShadowServer Foundation and security researcher Yutaka Sejiyama, over 20,000 Microsoft Exchange servers are running outdated and unsupported software. These servers are exposed to multiple critical remote code execution vulnerabilities.
Thousands of Exchange Server 2007, 2010, and 2013 Instances Discovered
The scans uncovered over 20,000 end-of-life Microsoft Exchange servers reachable over the internet, with over half located in Europe. Breaking it down:
- 275 instances of Exchange Server 2007
- 4,062 instances of Exchange Server 2010
- 26,298 instances of Exchange Server 2013
Moreover, Sejiyama’s scans on Shodan in late November identified 30,635 machines with unsupported versions of Microsoft Exchange, indicating that the problem is more widespread than initially believed.
Despite awareness of the dangers of these outdated versions, the number of vulnerable servers exposed has only dropped by 18% since April 2022.
Servers Open to Exploits Like ProxyLogon and ProxyShell
The exposed systems are vulnerable to exploits like ProxyLogon and ProxyShell, which enable remote code execution attacks. While patches exist for these vulnerabilities, servers running unsupported versions of Exchange cannot install them, leaving them open to compromise.
Even mitigations that have been put in place can be bypassed by chaining the vulnerabilities with lesser-known flaws, so upgrading deprecated versions is the only reliable protection.
The Dangers of Running Past End-of-Life Software
This discovery highlights the severe risks organizations take in continuing to operate servers past end-of-life. Once support stops, newly discovered vulnerabilities remain unpatched indefinitely.
Cybercriminals are continuously finding and weaponizing new flaws in unmaintained software. So companies must prioritize upgrading outdated systems to supported versions. Failing to do so practically guarantees servers will end up compromised.
The large number of exposed, vulnerable Microsoft Exchange servers shows that many organizations are still running dangerous misconfigurations. Identifying and upgrading these servers needs to become an urgent priority.
Stop attacks on Exchange Server with Messageware Z-Day Guard
Messageware Z-Day offers next-generation threat hunting and protects Microsoft Exchange servers against zero-day attacks. Z-Day detects changes to the environment that indicate the dropping of Command and Control (C&C) web shells. C&C web shells commonly reach out to the internet, enabling remote access to your network.
Z-Day is a server protection solution focused on detection, alerting, and response (MDR/MDAR) to zero-day attacks and server penetrations. Messageware Z-Day actively protects servers using embedded monitoring technology that cannot be turned off by malicious software.