Exchange server admins should ensure that the November 2022 security updates are installed. Otherwise, attackers could target multiple vulnerabilities and completely compromise systems.
Malicious code attacks have been taking place since September 2022. The situation recently worsened when an attacker combined two vulnerabilities (CVE-2022-41082, "high"; CVE-2022-41080, "high") in a new way.
Many vulnerable Exchange servers in Germany
In late December 2022, security researchers from the Shadowserver Foundation scanned the internet and, according to a post on Twitter, found around 70,000 vulnerable servers. According to current dashboard data, there are reportedly still about 60,000 vulnerable systems. The figures show almost 30,000 servers in Europe. In Germany, there are still around 10,000 vulnerable Exchange servers as of the beginning of 2023.
If attacks are successful, attackers gain elevated user rights and can execute malicious code. This usually leads to the complete compromise of systems. Among other things, attackers infect servers with the encryption Trojan Play.
In addition, they reportedly establish a permanent foothold on servers via backdoors. Because Exchange servers are used in corporate environments, this is particularly precarious: from this position, attackers can cause a lot of damage.
Long patch wait time
At the end of September 2022, the vulnerabilities made headlines for the first time. It took Microsoft about a month to release the security updates. Admins had to bridge the dangerous waiting period with several workarounds that were repeatedly improved.