
Over 350,000 Microsoft Exchange servers still open to flaw that’s under attack: Patch now

April 7, 2020

Very few organizations have applied Microsoft’s patch for a dangerous Exchange email server flaw that was being exploited by multiple state-sponsored hacking groups within weeks of its release, according to new research by security company Rapid7. 

The patch arrived in Microsoft’s February 11 Patch Tuesday, accompanied by a warning from Redmond that admins should patch as soon as possible because it anticipated future attacks on the remote code execution vulnerability. 

Attackers started scanning the internet for vulnerable Exchange mail servers in late February, following the release of a technical report detailing how the bug worked, which was soon followed by several proof-of-concept exploits and a Metasploit module. 

But now, nearly two months on, Rapid7 researchers using the company’s Project Sonar to scan the internet have identified that at least 357,629 Exchange servers are vulnerable to CVE-2020-0688, representing 82.5% of the 433,464 Exchange servers in the scan.

Worryingly, Rapid7’s Tom Sellers notes that the flaw allows attackers to “completely compromise the entire Exchange environment (including all email) and potentially all of Active Directory”, depending on how the server has been implemented.

Given the high value of Exchange environments, security experts fear that the vulnerability could become a favorite for ransomware attackers and a juicy target for APT attackers who can use it to read a company’s email store.  

“The update for CVE-2020-0688 needs to be installed on any server with the Exchange Control Panel (ECP) enabled. This will typically be servers with the Client Access Server (CAS) role, which is where your users would access Outlook Web App (OWA),” explained Sellers. 

He also advised admins to determine whether attackers have attempted to exploit the Exchange vulnerability. Since attackers are required to have at least one valid credential for an email account on the Exchange server, Sellers notes that any account tied to attempted exploitation should be treated as compromised.   
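One way to act on that advice is to review IIS logs for ECP requests and list the accounts behind them. The sketch below is an added example, not code from Rapid7 or the article. The indicator it uses (a `__VIEWSTATE` parameter in the query string of a request under `/ecp`) is not from this article but is the one commonly published for CVE-2020-0688, and the log lines, account names and IP addresses are constructed.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-03-02 08:14:11 10.0.0.5 GET /owa/ - 443 CORP\\alice 198.51.100.7 Mozilla/5.0 200
2020-03-02 08:15:40 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=CONSTRUCTED&__VIEWSTATE=CONSTRUCTED 443 CORP\\bob 203.0.113.9 python-requests 500
2020-03-02 08:16:02 10.0.0.5 GET /ecp/default.aspx - 443 CORP\\carol 198.51.100.8 Mozilla/5.0 200
2020-03-02 08:17:30 10.0.0.5 GET /ECP/Default.aspx __viewstate=CONSTRUCTED 443 - 203.0.113.9 curl 302
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def suspicious_ecp_requests(text):
    """Return requests under /ecp/ whose query string carries __VIEWSTATE."""
    hits = []
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "").lower()
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        params = {name.lower() for name in query}
        if stem.startswith("/ecp/") and "__viewstate" in params:
            hits.append(row)
    return hits

def accounts_to_reset(hits):
    """Map each authenticated account seen in a hit to the client IPs using it."""
    accounts = defaultdict(set)
    for row in hits:
        user = row.get("cs-username", "-")
        if user != "-":  # "-" means IIS logged no authenticated user
            accounts[user].add(row["c-ip"])
    return dict(accounts)

if __name__ == "__main__":
    for user, ips in accounts_to_reset(suspicious_ecp_requests(SAMPLE_LOG)).items():
        print(f"treat as compromised: {user} (seen from {', '.join(sorted(ips))})")
```

Hits with no logged username still matter as evidence of probing; only the authenticated ones name an account to reset.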

Researchers at Kenna Security ran two analyses of patching rates for the Exchange bug. In the first, it estimated that just 15% of vulnerable Exchange servers had been patched. A second analysis, using a scan of 22,000 internet-facing Outlook Web Access (OWA) servers, found that 74% were vulnerable and 26% were potentially vulnerable.

“Drop everything and patch this vulnerability immediately. At present, this vulnerability presents more risk than most other vulnerabilities in the enterprise environment,” wrote Jonathan Cran, head of research at Kenna Security. 

“If patching simply isn’t possible, block access to ECP. Ultimately, vulnerabilities like these make a strong case for upgrading to Office 365.”

Rapid7’s scan also identified over 31,000 Exchange 2010 servers that haven’t been patched since 2012 as well as nearly 800 Exchange 2010 servers that have never been updated. 

It also found a high number of Exchange 2007 servers, which haven’t been supported since April 2017, and over 166,000 Exchange 2010 servers connected to the internet, which reach end of support on October 13.

“That’s a staggering number of enterprise-class mail systems that will be unsupported in a few months,” noted Sellers.

Credit: ZDNet
