There’s no good way of putting this other than to say that if you run an unpatched Exchange server that’s open to internet access, you are a blithering idiot. By unpatched, I mean a server that is not completely up to date with all security updates issued by Microsoft.

Way Too Many Unpatched Servers Remain Online

Despite the horrendous damage wreaked in March 2021 by the Hafnium exploit, it seems like there are still many Exchange servers connected to the internet which are vulnerable to attack. An August 21 report says that almost 2,000 Exchange servers have been hacked in the previous two days. Even worse, an August 8 scan for vulnerable servers identified 30,400 servers ready and waiting to be attacked from the sample examined. And then there’s the small matter of the list of over 100,000 internet-connected Exchange servers being circulated in the cybercrime community to make it easy for attackers to find potential prey.

Earlier this month, Steve Goodman sounded the alarm about the ProxyLogon technique developed by Orange Tsai, a security researcher in Taiwan. If you’re unconvinced that this is a threat, have a look at this YouTube video. The point is that the vulnerabilities uncovered by Tsai are known to attackers and can be exploited against unpatched and unprotected servers which sit there on the internet like a big fat target.

Get Patched or Get Online

If you can’t wrap your head around the need to protect servers, you should move online and let Microsoft take care of the block-and-tackle necessities of network security. People with no interest in applying security patches shouldn’t run servers. Get out of the way and let others protect your users and your organization. It’s the decent thing to do.


Unpatched Exchange Servers Remain at Risk

About the Author

Tony Redmond

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He is the lead author for the Office 365 for IT Pros eBook, the only book covering Office 365 that is updated monthly to keep pace with change in the cloud. Apart from contributing to Practical365.com, Tony also writes at Office365itpros.com to support the development of the eBook. He has been a Microsoft MVP since 2004.