Over 63,000 Unpatched Microsoft Exchange Servers Vulnerable to RCE Attack
In a concerning turn of events, over 63,000 Microsoft Exchange servers remain exposed online, failing to implement the necessary patches against the critical remote code execution (RCE) vulnerability, CVE-2023-36439. This vulnerability, among the four security flaws addressed by Microsoft’s November 2023 Patch Tuesday update, poses a significant threat to organizations due to its potential for severe exploitation. According to the Shadowserver Foundation, a non-profit entity committed to bolstering internet security, these servers are susceptible to the CVE-2023-36439 flaw. This vulnerability, identified through the servers’ x_owa_version header, affects Exchange Server 2016 and 2019, and it holds a significant CVSS score of 8.0.