Vulnerability Management, Patch/Configuration Management

Most Online Exchange Servers Vulnerable to ProxyLogon Still Not Fixed

Microsoft logo on the website homepage.

Ninety-one percent of almost 30,000 internet-exposed Microsoft Exchange Server instances impacted by the ProxyLogon flaw leveraged by Chinese state-backed threat operation Salt Typhoon are still vulnerable to attacks involving the bug nearly four years after it was patched, reports The Register.

Such lagging vulnerability remediation for ProxyLogon significantly contrasts patching activities for another pair of Ivanti flaws also leveraged in Salt Typhoon attacks, which have been addressed in over 92% of affected Ivanti devices, Tenable researchers found.

Tenable's report comes amid lawmaker discussions regarding China's Salt Typhoon, Volt Typhoon, and Flax Typhoon.

"While each group's targets and activities are unique, the 'eye' of each of these typhoons is they target unpatched and often well-known vulnerabilities for initial access, targeting public-facing servers," said Scott Caveza, staff research engineer at Tenable. "Despite the persistence of these threat actors, it's vital that organizations routinely patch public-facing devices and quickly mitigate known and exploited vulnerabilities."

You can skip this ad in 5 seconds