Massive risk: 92% of Exchange servers in Germany unprotected after Microsoft support ends
A staggering 92% of on-premises Microsoft Exchange servers in Germany are running outdated versions that will never receive another security patch, according to a warning issued by the German Federal Office for Information Security (BSI).
The BSI knows of approximately 33,000 on-premises Exchange servers in Germany that have Outlook Web Access openly accessible from the internet. That means that around 30,360 servers are currently running Exchange 2019 or older, while the only supported version, Exchange Server Subscription Edition (SE), was found on the remaining 2,500+ systems. Over 45% of Exchange servers in the country are running version 2019, while around 40% are running version 2016.
“In addition to thousands of companies, a large number of hospitals and doctors’ offices, schools and universities, social services, law and tax firms, public utilities, and municipal administrations are also affected,” the translation of the BSI alert reads. The watchdog warns that many organizations have flat network structures and insufficient segmentation and hardening. The compromise of an Exchange server can quickly escalate to complete compromise of the affected organization’s entire network, leading to sensitive data theft, ransomware deployment, and production outages lasting for weeks.
“Should a critical vulnerability in Microsoft Exchange become known in the near future – as has happened several times in recent years – it cannot be patched with a security update. The affected Exchange servers may then need to be taken offline immediately to avoid compromise. The consequence would be a massive disruption of the communication capabilities of the affected organizations,” BSI warns.
To read the complete article see: Cybernews