There are still thousands of cyber attacks targeting zero-day security vulnerabilities in Microsoft Exchange Server every single day as cyber criminals attempt to target organisations which have yet to apply the security patches released to mitigate them, according to a tech security company.

Microsoft released critical updates to secure Microsoft Exchange Servers against the four vulnerabilities on March 2 with organisations urged to apply them as a matter of urgency to prevent cyber attacks to their email servers.

But weeks later, many organisations are yet to apply the critical updates for Microsoft Exchange Server and cyber attackers are taking advantage to gain access to servers while it remains possible.

 

And cyber criminals are doing just that, with security researchers at F-Secure identifying tens of thousands of attacks targeting organisations around the world which are still running vulnerable Microsoft Exchange Server every day. According to F-Secure analytics, only about half of the Exchange servers visible on the internet have applied the Microsoft patches for these vulnerabilities. 

"Tens of thousands of servers have been hacked around the world. They're being hacked faster than we can count. Globally, this is a disaster in the making," said Antti Laatikainen, senior security consultant at F-Secure.

The fear is that an attack which successfully compromises a Microsoft Exchange Server not only gains access to sensitive information that's core to how businesses are run, but could also open the door for additional attacks – including ransomware campaigns.