Wednesday, April 3, 2024

About 17,000 Unpatched Microsoft Exchange Servers in Germany

If you live in Germany and administer Exchange servers, you have reason to worry.

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI) has raised a critical security concern about the poor state of Microsoft Exchange server patching in the country.


Of these servers in Germany, 12% are running a version which is no longer supported (such as Exchange 2010 or 2013) and around 25% are running Exchange 2016 or 2019 without vital patches. This means that at least 37% of Microsoft Exchange Servers in Germany are vulnerable to cyber attacks.


This case shows how vital vulnerability and patch management systems are for a company.


https://bit.ly/3THFk0K


"The government regulator says there are 17,000 or more Exchange Server instances in Germany vulnerable to at least one critical vulnerability, out of around 45,000 public-facing servers in the Euro nation running the software."


"Of particular concern is fixing CVE-2024-21410, an elevation-of-privilege vulnerability that Microsoft patched last month. According to German investigators, it's not clear whether as much as 48 percent or so of the country's Exchange servers have fixed up this hole yet, and Microsoft did warn it's a trickier-than-normal update to apply."


"We're told BSI is now emailing network providers on a daily basis reminding them to shore up any vulnerable system it detects. It warns that criminals are already on the lookout to exploit these reported flaws and 'schools and universities, clinics, doctors' practices, nursing services and other medical facilities, lawyers and tax advisors, local governments and many medium-sized companies are particularly affected.'"

