The Download
The German agency responsible for information security, BSI, warned last week that over 17,000 unpatched Microsoft Exchange servers pose severe security risks to the nation. This warning follows the US's CISA warning last month about 97,000 vulnerable Microsoft Exchange servers in the US. CISA added CVE-2024-21410 to its Known Exploited Vulnerabilities (KEV) list. The German BSI considers the threat of this vulnerability severe enough that it is emailing network providers daily, urging them to patch.
What You Can Do
It should go without saying that if you have an unpatched Microsoft Exchange server, you need to patch it immediately. It's important to recognize that many organizations still have legacy Exchange servers online after migrating to Microsoft M365 in the cloud. While those cloud instances are patched, your legacy servers likely are not. In other words, you may not even be aware that your legacy Exchange server is creating an attack surface for your organization. The best way to find out is to scan your attack surfaces.