Vulnerability Management, Patch/Configuration Management, Threat Intelligence

Most online Exchange Servers vulnerable to ProxyLogon still not remediated


Ninety-one percent of almost 30,000 internet-exposed Microsoft Exchange Server instances impacted by the ProxyLogon flaw leveraged by Chinese state-backed threat operation Salt Typhoon continue to be vulnerable to attacks involving the bug, tracked as CVE-2021-26855, nearly four years after it was patched, reports The Register.

This lag in ProxyLogon remediation contrasts sharply with patching of a pair of Ivanti flaws also leveraged in Salt Typhoon attacks, tracked as CVE-2023-46805 and CVE-2024-21887, which have been addressed in over 92% of affected Ivanti devices, findings from Tenable revealed. Tenable's report comes amid lawmaker discussions regarding China's Salt Typhoon, Volt Typhoon, and Flax Typhoon. "While each group's targets and activities are unique, the 'eye' of each of these typhoons is they target unpatched and often well-known vulnerabilities for initial access, targeting public-facing servers. Despite the persistence of these threat actors, it's vital that organizations routinely patch public-facing devices and quickly mitigate known and exploited vulnerabilities," said Tenable staff research engineer Scott Caveza.
