Microsoft Exchange

German cyber agency warns 17,000 Microsoft Exchange servers are vulnerable to critical bugs

Germany’s top cybersecurity agency on Tuesday called on thousands of vulnerable organizations in the country to patch out-of-date Microsoft Exchange software.

According to a report by the German Federal Office for Information Security (BSI), at least 17,000 servers are vulnerable to one or more critical bugs, and cybercriminals and state actors are already actively exploiting several of these vulnerabilities to deliver malware and carry out cyberespionage or ransomware attacks.

The agency didn’t provide specific examples but said that local schools, universities, medical facilities, judicial services, local governments and medium-sized businesses are particularly under threat.

The BSI said that it has warned about the active exploitation of critical vulnerabilities in Microsoft Exchange several times since 2021 and temporarily declared the IT threat situation “red.” 

“Nevertheless, the situation has not improved since then, as many Exchange server operators continue to be very negligent in providing security updates,” the report said.

According to BSI, around 45,000 Microsoft Exchange servers in Germany can currently be accessed from the internet; around 12% of them are so outdated that security updates for them are no longer available.

Around 25% of all servers in Germany have 2016 and 2019 Exchange versions but are running outdated patch versions. In both cases, the servers are vulnerable to several critical vulnerabilities, BSI said.

The BSI called on the operators of the vulnerable software to use current Exchange versions and to install available security updates.

“The fact that there are tens of thousands of vulnerable installations of such relevant software in Germany must not happen,” said BSI’s president Claudia Plattner. 

“Companies, organizations and authorities unnecessarily endanger their IT systems and thus their added value, their services or their own and third-party data, which may be highly sensitive.”

“Cybersecurity must finally be high on the agenda. There is an urgent need for action,” she added.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.