2025-01-24
Tenable Analysis: Many Exchange Servers Remain Unpatched Against ProxyLogon
Tenable researchers' analysis of Salt Typhoon's activity indicates that at least one of the vulnerabilities exploited by the state-sponsored threat actors remains largely unpatched. More than 90 percent of publicly exposed Microsoft Exchange Servers are not patched against a critical remote code execution vulnerability, known as ProxyLogon, that was disclosed nearly four years ago. Tenable researchers contrast that number with other vulnerabilities exploited by Salt Typhoon: analysis of unpatched instances of 'Ivanti vulnerabilities (CVE-2023-46805 and CVE-2024-21887) ... found that these devices were fully remediated in over 92% of cases.'
Editor's Note
Well, that's just embarrassing. The Tenable research doesn't factor in attacker stealthiness, just whether the patch was applied. No way that an organization can claim they practiced a 'standard duty of care' should they suffer a cyber breach.

Curtis Dukes
Are Microsoft products difficult to administer?

William Hugh Murray
If you're running an old Exchange and have ProxyLogon vulnerabilities in your system, it's probably no longer just YOUR system.

Moses Frost
With all the targeting of Exchange servers, there should be no reason they are not being updated, publicly-accessible or otherwise. If you don't have the resources to keep them updated, it's time to move to hosted services; the cost of a compromise, and recovery, will easily eclipse the cost of moving to a hosted solution.
