A new report from ShadowServer Foundation revealed a very worrying reality in the context of email servers Microsoft Exchange.
According to the study, in fact, they are circa 20.000 companies that are using software versions that have reached the end of their life cycle and, in this condition, are destined to no longer receive updates in the future. We are talking about servers that are located, in more than half of the cases, in Europa. The situation is better in United Stateswith approx 6,000 servers at riske in Asia (circa 2.200).
If the situation appears worrying, for some experts it is even more critical. The security researcher Yutaka Sejiyama Of MacnicaIn fact, it identified 26,000 instances stuck with Exchange Server 2013, 4,000 with Server 2010 and 275 ancora ferme ad Exchange Server 2007.
With such dated software and the many threats on the Web, it is easy to understand how these stations are potentially easy prey for cybercriminals. According to Sejiyama, in fact, at the beginning of April 2023, the 18% of the total such servers were vulnerable to attacks.
Microsoft Exchange: the importance of keeping servers updated
On the other hand, in this precise context, cybercriminals appear quite active. Exchange servers, in fact, often offer easy access and contain sensitive information, from login credentials a important documents for companies. Despite constant warnings to keep our guard up, through constant updates and staff training, many businesses seem reluctant to take adequate countermeasures.
In January this year, the ShadowServer Foundation warned that companies were too slow to patch their servers against ProxyNotShellan exploit that allowed threat actors to execute malicious code remotely.
Only last October, the same servers proved to be at risk with respect to two new ones zero-day vulnerability. The exploits, identified by GTSC and reported in record time to Zero Day Initiative (IT SEEMS) e Microsofthave demonstrated once again how this type of server is potentially at risk.