I bet when you read one of my articles about how scammers fool users out of their Office 365 credentials, you never dreamed the next use of those credentials would be to take over your organization’s Exchange server! But that’s exactly what’s possible with a vulnerability that has been public since February of this year.
Microsoft provided a patch for it on Patch Tuesday back in February, but newly updated Internet scan data from security vendor Rapid7 shows a massive number of Microsoft Exchange servers accessible from the Internet that are still vulnerable to the published exploit. Some are running unsupported versions of Exchange, while others simply appear not to have been patched.
This news is terrifying! With administrative access to your organization’s Exchange servers, cybercriminals can run the gamut of scams – CEO fraud, brand and individual impersonation, business email compromise, island hopping to infect or scam partner or customer organizations, and more.
IT teams need to immediately patch any supported versions of Exchange Server, devise a plan to move off any unsupported versions soon, and minimize Internet-based access to the Exchange environment.
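The first of those steps starts with knowing which servers are actually behind. Below is an added example (not code from the original post or from Rapid7) that classifies an inventory of Exchange servers by build number. The point it demonstrates is that Exchange builds are `major.minor.build.revision`, where the first two fields identify the product branch (15.1 is Exchange 2016, 15.2 is Exchange 2019, and so on), so a patched-or-not decision has to be made per branch rather than by comparing raw build strings across servers. The fixed build numbers are not given in the post, so the `MIN_PATCHED_BUILD` thresholds, the `SUPPORTED` set and the sample inventory are all constructed placeholders to be replaced with the values from Microsoft's February security update for the cumulative update each server is on.

```python
# Added example, not from the original post: classify an inventory of Exchange
# servers by build number. Exchange builds are <major>.<minor>.<build>.<revision>;
# the first two fields identify the product branch, and builds from different
# branches must never be compared with each other, so thresholds are per branch.

from typing import Dict, Optional, Tuple

Branch = Tuple[int, int]   # (major, minor), e.g. (15, 1) for Exchange 2016
Build = Tuple[int, int]    # (build, revision)

# Product branch names, following Microsoft's published version scheme.
BRANCH_NAMES: Dict[Branch, str] = {
    (14, 3): "Exchange 2010 SP3",
    (15, 0): "Exchange 2013",
    (15, 1): "Exchange 2016",
    (15, 2): "Exchange 2019",
}

# PLACEHOLDER thresholds: the post does not list the fixed build numbers, so
# these values are made up for the example. Replace each with the minimum
# build from the February security update for the CU your servers are on.
MIN_PATCHED_BUILD: Dict[Branch, Build] = {
    (15, 0): (1000, 0),
    (15, 1): (2000, 0),
    (15, 2): (500, 0),
}

# Branches this example treats as supported (an assumption for the example,
# not a statement of Microsoft's lifecycle dates).
SUPPORTED: frozenset = frozenset({(15, 0), (15, 1), (15, 2)})


def parse_build(version: str) -> Optional[Tuple[Branch, Build]]:
    """Split '15.1.2100.3' into ((15, 1), (2100, 3)); return None if malformed."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    major, minor, build, rev = (int(p) for p in parts)
    return (major, minor), (build, rev)


def classify(version: str,
             min_builds: Dict[Branch, Build] = MIN_PATCHED_BUILD,
             supported: frozenset = SUPPORTED) -> str:
    """Return 'patched', 'unpatched', 'unsupported' or 'unknown' for one server."""
    parsed = parse_build(version)
    if parsed is None:
        return "unknown"        # garbage in the inventory is flagged, never silently OK
    branch, build = parsed
    if branch not in supported:
        return "unsupported"    # no patch to apply; this host needs a migration plan
    threshold = min_builds.get(branch)
    if threshold is None:
        return "unknown"        # supported branch but no threshold configured for it
    # Tuple comparison handles the (build, revision) pair correctly: a higher
    # revision on the same build still counts as at or above the threshold.
    return "patched" if build >= threshold else "unpatched"


def summarize(inventory: Dict[str, str]) -> Dict[str, int]:
    """Count hosts per status, the way a scan-data chart buckets them."""
    counts = {"patched": 0, "unpatched": 0, "unsupported": 0, "unknown": 0}
    for version in inventory.values():
        counts[classify(version)] += 1
    return counts


# Constructed sample inventory (host -> AdminDisplayVersion-style build string).
# Hostnames and build numbers are made up for the example.
SAMPLE_INVENTORY = {
    "ex01.corp.example": "15.1.2100.3",    # Exchange 2016, above placeholder threshold
    "ex02.corp.example": "15.1.1500.2",    # Exchange 2016, below placeholder threshold
    "ex03.corp.example": "15.2.600.7",     # Exchange 2019, above placeholder threshold
    "legacy.corp.example": "14.3.400.0",   # Exchange 2010, outside the SUPPORTED set
    "odd.corp.example": "15.1",            # truncated string from a bad export
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        branch = parse_build(version)
        name = BRANCH_NAMES.get(branch[0], "?") if branch else "?"
        print(f"{host:22} {version:14} {name:18} {classify(version)}")
    print(summarize(SAMPLE_INVENTORY))
```

In practice the inventory would come from `Get-ExchangeServer` output or from the organization's CMDB rather than a literal dictionary; the classification logic is the same. Hosts that land in "unknown" deserve a manual look, since a malformed version string usually means the inventory itself is stale.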