Nearly 17,000 internet-exposed Microsoft Exchange servers across Germany were confirmed by the country's Federal Office for Information Security, or BSI, to have significant security issues, reports BleepingComputer.
Numerous healthcare providers, tax consulting firms, academic entities, and medium-sized companies across Germany have been leveraging the vulnerable Exchange servers, which include outdated Exchange 2010 and 2013 implementations, as well as Exchange 2016 and 2019 instances that have been unpatched for four months or longer, according to the BSI.
"As early as 2021, the BSI warned several times against the active exploitation of critical vulnerabilities in Microsoft Exchange and temporarily called the IT threat situation 'red.' Nevertheless, the situation has not improved since then, as many Exchange server operators continue to act very carelessly and do not release available security updates in a timely manner," said the BSI.
The agency has recommended immediate upgrades to newer Microsoft Exchange versions and application of the latest patches.
