Despite Microsoft issuing patches around eight months ago, 61% of Exchange servers are still left vulnerable.
Over half of the exposed Exchange servers are vulnerable to a severe bug that allows authenticated attackers to effectively execute code remotely with system privileges – even after Microsoft issued a fix.
The vulnerability in question exists in the control panel of Exchange, Microsoft’s calendaring server, and mail server. The flaw stems from the server that fails to properly create unique keys at the installation time, was fixed under Microsoft’s February Patch Tuesday updates. And, the admins in March were warned about the unpatched servers being exploited in the wild by advanced persistent threat (APT) actors who remain unnamed.