More than 46 thousand Microsoft Exchange servers are still vulnerable to ProxyLogon Attacks

More than 46 thousand out of 250 thousand Microsoft Exchange mail servers are still not protected from four critical vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065), which were exposed to active exploited in real attacks over the past few days.

Microsoft, government agencies and information security firms urged companies to update their Exchange servers and look for evidence that vulnerabilities were exploited and web shells installed on their systems. Several online tools have been released to assist with these operations.

The Dutch Vulnerability Disclosure Institute scanned the Internet for Exchange servers with the patch installed, and then notified the organizations that failed to complete the update. Although about 80% of Exchange servers have received fixes for ProxyLogon vulnerabilities and the total number of vulnerable servers has decreased in recent days, this has not resulted in the automatic removal of malicious shells on compromised systems.

Additionally, Microsoft has released additional security updates for Microsoft Exchange servers with unsupported versions of Cumulative Update that are vulnerable to ProxyLogon attacks. The patches are intended to be installed only on computers running versions of Exchange Server that do not support the March hotfixes released last week.

"This is only intended as a stopgap measure to help protect vulnerable systems right now," the Exchange team explained.

Previous Post Next Post