:strip_exif()/i/2004859240.jpeg?fit=%2C&ssl=1)
More than 57,000 Microsoft Exchange servers worldwide are still vulnerable to vulnerabilities known as ProxyNotShell. Microsoft released an update for this in early November remote code executionvulnerability.
The non-profit security organization Shadowserver keeps track of which Microsoft Exchange servers have not yet been upgraded and it says there monday there were still 57268 servers that didn’t have the correct version number. More than half, almost thirty thousand servers, are located in Europe. Seventeen thousand are in North America and more than six thousand servers are in China.
Shadowserver has been monitoring the ProxyNotShell vulnerability for some time and, for example, said on December 26 that there were still nearly 70,000 vulnerable Exchange servers, most in the United States and Germany.
ProxyNotShell consists of two vulnerabilities which Microsoft first warned about in late September. Back then, he was already actively exploiting the vulnerabilities that together with the criminals one remote code execution provided they have access to PowerShell and authenticated access to vulnerable Exchange servers.
At the time, Microsoft advised users to take steps that could stop the attacks, but according to Shadowserver, bad actors can now get around those steps. This is a server-side request forgery vulnerability CVE-2022-41040 in CVE-2022-41082. Early November Microsoft has released an update for vulnerabilities.
Now about 57K in the latest scans (for Jan 3rd). Let’s bring these numbers down! #ProxyNotShell https://t.co/lQWZEMsTbq https://t.co/5Myq568wfY
— Shadowservers (@Shadowserver) January 4, 2023
