Patching Microsoft Exchange servers is an absolute must.

Edward Gately, Senior News Editor

August 24, 2021

7 Slides

Attackers are actively scanning for vulnerable Microsoft Exchange servers and abusing the latest line of Microsoft Exchange vulnerabilities that the software giant patched earlier this year.

That’s according to Huntress. This past spring, cybercriminals used multiple zero-day exploits to attack on-premises Microsoft Exchange servers. Those who have not patched since April or May are not safe and could still be exploited.

Hammond-John_Huntress.jpg

Huntress’ John Hammond

Currently, Huntress has visibility over 1,300 Microsoft Exchange servers remaining unpatched and vulnerable. In addition, it has sent 370 incident reports for compromised servers.

To find out more about these Microsoft Exchange vulnerabilities, we spoke with John Hammond, Huntress‘ senior security researcher.

Channel Futures: Does this appear to be a continuation or resurgence of the massive cyberattack on Microsoft Exchange servers earlier this year? If not, how is this different?

John Hammond: Fortunately, the attacks on Microsoft Exchange servers that we are seeing now in August are not at the same size and scale as what we saw in March of this year. This is a new attack chain, dubbed ProxyShell, which differs from the ProxyLogon vulnerability we saw previously with the HAFNIUM threat. That is to say, this is not a continuation or resurgence of the previous attack, but we are seeing an increase in the number of compromised servers.

As of Aug. 24, according to Shodan, 20,674 Exchange servers across the United States remain unpatched. That is potentially a lot of ProxyShell carnage. Thankfully this isn’t a centralized, coordinated and widespread attack like HAFNIUM unleashed. But all the puzzle pieces are available and it very well could turn into that.

Scroll through our slideshow above for more from Huntress and other cybersecurity news.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPsChannel Research

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like