
"While the end of Windows 10 updates occupied most of the headlines, Microsoft's support for Exchange and a bunch of other 2016 and 2019-branded products ended on October 14, as scheduled a year earlier. Despite another warning from Microsoft in September, the vast majority of about 33,000 public-facing Exchange servers in Germany known to the BSI are still running Outlook Web Access 2019 or earlier."
"The affected Exchange servers may then have to be taken offline immediately to prevent compromise. This would severely restrict the communication capabilities of the affected organizations. Due to flat network structures and inadequate segmentation and hardening, the compromise of an Exchange server often quickly leads to a complete compromise of the affected organization's entire network, which can result in the leak of sensitive information, the encryption of data by ransomware and subsequent ransom demands, as well as weeks of production downtime."
Microsoft ended support for Exchange Server 2016 and 2019 on October 14. The German BSI found that roughly 92% of about 33,000 public-facing Exchange servers in Germany remain on Outlook Web Access 2019 or earlier. Many affected servers belong to companies and public sector organizations, including hospitals, schools, social services, local authorities, and medical offices. The BSI warned that critical vulnerabilities in these unsupported versions can no longer be fixed by Microsoft, which may force affected servers offline and limit communications. Flat network structures and poor segmentation can allow an Exchange compromise to spread across networks, causing data leaks, ransomware encryption, ransom demands, and prolonged downtime. Microsoft offers an Extended Update Program providing security updates through April 14.
Read at The Register