ShadowServer Foundation Detects Thousands of Vulnerable Microsoft Exchange Servers
Scans from the ShadowServer Foundation indicate that there are nearly 20,000 publicly available Microsoft Exchange servers that are running software that is no longer supported. More than half of the vulnerable servers are located in Europe; just over 6,000 are located in North America, and 2,200 are located in Asia.
It really is time to not host your own Exchange server. The cost of keeping it updated, as well as keeping up with the security settings needed in today's threat landscape, generally exceeds the cost of M365 or another hosted service.
As all these Exchange servers are externally facing, they can, and likely will, be targeted by evildoers. What’s unknown is whether some of these servers are simply honeypots used to collect malware. In any event, the only solution is to upgrade to a supported version of the mail server.
If your company cafeteria still serves sandwiches using mayonnaise with a “Use before April 12th, 2007” warning, you should probably fire the cafeteria manager. The same is probably true for whoever has made the decision to continue using Exchange Server 2007.
Read more in
Bleeping Computer: Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
ShadowServer: Vulnerable Exchange Server Report
ShadowServer: Results