China's Salt Typhoon exploited a known vulnerability, CVE-2021-26855, in Microsoft Exchange Servers to infiltrate US telecom and governmental networks. Despite the availability of a patch since March 2021, a staggering 91 percent of the nearly 30,000 vulnerable Exchange instances remain unpatched. This failure to update stands in stark contrast to other vulnerabilities that have seen over 92 percent remediation. Salt Typhoon maintains a stealthy presence using custom malware, emphasizing the urgent need for organizations to address known vulnerabilities.
One of the critical security flaws exploited by China's Salt Typhoon to breach US telecom and government networks has had a patch available for nearly four years.
91 percent of the nearly 30,000 openly reachable instances of Exchange vulnerable to CVE-2021-26855, aka ProxyLogon, have not been updated to close the hole.
Collection
[
|
...
]