Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)

On Feb 11, 2020, Microsoft released security updates to address a vulnerability in Microsoft Exchange that would allow an attacker to turn any stolen Exchange user account into a complete system compromise. In many implementations, this could be used to completely compromise the entire Exchange environment (including all email) and potentially all of Active Directory.


We’ve used Project Sonar to perform a global survey of internet-facing Exchange servers, and what we’ve found is very concerning. As of March 24, there were over 350,000 Exchange servers exposing a version of the software that has this vulnerability.


If your organization is using Exchange and you aren’t sure whether it has been updated, we strongly urge you to skip to the Taking Action section immediately.


The global view


On March 24, we used Project Sonar to survey the internet for publicly facing Exchange Outlook Web App (OWA) services. What we found was that at least 357,629 (82.5%) of the 433,464 Exchange servers we observed were known to be vulnerable. We believe that some of the servers we've marked as Safe in the graphic below are unpatched. Our remote, unauthenticated check doesn't provide the version precision we'd need in order to be sure, and our testing found that the related Microsoft update wasn't always updating the build number, which leads to a degree of uncertainty.
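To make the imprecision of a remote version check concrete, here is an added example (not Rapid7's Sonar code) of the kind of check an administrator can run against their own OWA servers. The OWA logon page embeds versioned asset paths of the form `/owa/auth/15.1.1913/`, which carry only the first three build components (the cumulative update level), never the fourth component that distinguishes an interim security update. The sample HTML and the `MIN_PATCHED_CU` table are assumptions constructed for this example; the table should be verified against Microsoft's Exchange Server build list before being relied on. The result is deliberately three-valued: an old CU is definitely vulnerable, but a current CU can only be reported as "possibly safe", which is exactly the uncertainty described above.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: an OWA logon page for an Exchange 2016 server.
# Only major.minor.build appears in the asset paths; the interim-update
# level (the fourth component) is never exposed here.
SAMPLE_OWA_HTML = """<html><head>
<link rel="shortcut icon" href="/owa/auth/15.1.1913/themes/resources/favicon.ico">
<script src="/owa/auth/15.1.1913/scripts/premium/flogon.js"></script>
</head></html>"""

# Assumed minimum CU builds (major.minor.build) that Microsoft shipped the
# CVE-2020-0688 update for. Anything older cannot have the fix; anything at
# or above this level may or may not. Verify against Microsoft's build table.
MIN_PATCHED_CU = {
    (14, 3): 496,   # Exchange 2010 SP3 (assumed)
    (15, 0): 1497,  # Exchange 2013 CU23 (assumed)
    (15, 1): 1847,  # Exchange 2016 CU14 (assumed)
    (15, 2): 464,   # Exchange 2019 CU3 (assumed)
}

# Matches the versioned asset path OWA emits on its logon page.
BUILD_RE = re.compile(r"/owa/auth/(\d+)\.(\d+)\.(\d+)/")


class Build(NamedTuple):
    major: int
    minor: int
    build: int


def extract_owa_build(html: str) -> Optional[Build]:
    """Pull the three-component build out of an OWA logon page, if present."""
    m = BUILD_RE.search(html)
    if m is None:
        return None
    return Build(*(int(part) for part in m.groups()))


def classify(build: Optional[Build]) -> str:
    """Classify a server from its OWA-exposed build.

    'vulnerable'     - the CU predates any build the update was released for
    'possibly-safe'  - CU is recent enough, but OWA cannot show whether the
                       interim update is actually installed
    'unknown'        - no build found, or a product line not in the table
    """
    if build is None:
        return "unknown"
    minimum = MIN_PATCHED_CU.get((build.major, build.minor))
    if minimum is None:
        return "unknown"
    if build.build < minimum:
        return "vulnerable"
    return "possibly-safe"


def assess_owa_page(html: str) -> str:
    """Convenience wrapper: HTML in, classification out."""
    return classify(extract_owa_build(html))


if __name__ == "__main__":
    build = extract_owa_build(SAMPLE_OWA_HTML)
    print(f"OWA build: {build} -> {classify(build)}")
```

For a real inventory, feed `assess_owa_page` the body of `https://<your-server>/owa/auth/logon.aspx` for each server you own; any result other than "vulnerable" still needs confirmation from the server itself (installed updates or the Exchange setup log), since the remote check alone cannot prove the fix is present.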



The image above is concerning not just because of the number of servers missing the update for CVE-2020-0688 but also because of how many other upd ..
