The CERT-Bund warns to X more than 15,000 Exchange servers in Germany, which are openly accessible from the Internet with at least one security vulnerability. Some of the vulnerabilities are already being actively exploited.
In March 2024, the BSI had already 17000 Exchange servers which are openly accessible from the Internet and contain known vulnerabilities.
Most servers are vulnerable to the vulnerability CSV-2024-26198, followed by CVE-2023-364439 and CVE-2023-36745. While most servers are vulnerable to a vulnerability from the year 2024, vulnerabilities from the year 2023 are in second and third place:
In just over half a year, this number has only been reduced by a good 2000 servers, so the question arises as to why there are still so many Exchange servers that are not at the current patch level. The current CU 14 for Exchange 2019 dates from February 2024 and the corresponding SU from April 2024, so you have actually had a good 5 months to install the updates.
Perhaps most companies do not know that updates for the Exchange Server should be installed urgently?
The Exchange Health Checker is the easiest way to get an overview of the update status and other security and configuration problems. The Exchange Health Checker can be downloaded here:
The Health Checker can then be executed in an administrative Exchange Management Shell:
.\HealthChecker.ps1An HTML output of the report can then be generated:
.\HealthChecker.ps1 -BuildHtmlServersReportGleich in den ersten Zeilen steht, ob man tätig werden muss. Wenn die Spalte „Vulnerability Detected“ rot angezeigt wird, ist in jedem Fall estwas nicht in Ordnung. Im weitern Bericht wird dann auch erklärt und häfig sogar mit einem Link erklärt was das Problem ist.
Incidentally, the 17000 servers in the March report corresponded to 37% of all publicly accessible Exchange servers in Germany. So there should be about 45000 Exchange servers in Germany, which is not a small number in my opinion. Unfortunately, so many publicly accessible and known vulnerable Exchange servers are not a small number either.
If this article is read by people with outdated Exchange servers, please write me a message via the contact form, I would be interested in the background and maybe I can help a little further.
Here on the blog there is also an overview of the current Exchange Server versions:
You can also sign up for the security update newsletter on this page. I will then send you an e-mail when there is a new security update for Exchange Server.