There’s no good way of putting this other than to say that if you run an unpatched Exchange server that’s open to internet access, you are a blithering idiot. By unpatched, I mean a server that is not completely up to date with all security updates issued by Microsoft.
Way Too Many Unpatched Servers Remain Online
Despite the horrendous damage wreaked in March 2021 by the Hafnium exploit, it seems like there are still many Exchange servers connected to the internet that are vulnerable to attack. An August 21 report says that almost 2,000 Exchange servers have been hacked in the previous two days. Even worse, an August 8 scan for vulnerable servers identified 30,400 servers in the sample examined that were ready and waiting to be attacked. And then there’s the small matter of the list of over 100,000 internet-connected Exchange servers being circulated in the cybercrime community to make it easy for attackers to find potential prey.
Earlier this month, Steve Goodman sounded the alarm about the ProxyLogon technique developed by Orange Tsai, a security researcher in Taiwan. If you’re unconvinced that this is a threat, have a look at this YouTube video. The point is that the vulnerabilities uncovered by Tsai are known to attackers and can be exploited against unpatched and unprotected servers which sit there on the internet like a big fat target.
Get Patched or Get Online
If you can’t wrap your head around the need to protect servers, you should move online and let Microsoft take care of the blocking-and-tackling necessities of network security. People with no interest in applying security patches shouldn’t run servers. Get out of the way and let others protect your users and your organization. It’s the decent thing to do.