Reportedly, over 85,000 Microsoft Exchange servers remain exposed to multiple remote code execution (RCE) vulnerabilities, such as CVE-2023-21529, CVE-2023-21706, and CVE-2023-21707, because the IT teams operating them have been slow to apply patches. According to a new report on CyberNews, the vulnerabilities were discovered in mid-February 2023, and Microsoft quickly released a patch to address the issue. However, many IT teams have yet to apply these patches. The report described the flaws as “extremely dangerous” because they can allow threat actors to run malicious code and compromise people’s inboxes and the email messages stored on the servers.
The researchers analyzed roughly 250,000 internet-connected Microsoft Exchange servers and found exactly 85,261 to be exposed to these RCE flaws, with most located in Germany, followed by the US, the UK, France, and Russia. The report stressed that similar vulnerabilities were exposed in the past by Russian state-sponsored actors, not unlike the ones used by the GRU in 2020 to engage in large-scale attacks against government agencies, businesses, and organizations.
The impact is roughly the same, but the vulnerabilities are different, making it hard to determine who might use these flaws and to what purpose. Companies in Russia and China preferred older versions of MS Exchange 2016, although newer versions were still used in the 2019 and 2013 releases, according to the report. The Shadowserver Foundation data suggests that the majority of IT teams disregarded this security threat and simply decided not to apply the fix.