A reminder - Microsoft Exchange Server 2013 went fully end of life earlier this year. If you present it to the internet for Outlook Web App, you are presently on fire.
It is not getting security patches. New vulnerabilities in it aren’t issued CVEs if vulnerable as Microsoft doesn’t test EOL products.
Your Qualys/Tenable/etc install will show no new vulnerabilities. It is wrong.
25k organisations are in this situation (with full OWA) and it is a tinder box. Highest percentage in US.
Kevin Beaumont /
npub176…fkwlw
2023-12-18 16:47:46
Author Public Key
npub176rs4lx7gjqwepgg75psfpv7zjj3xz0lyj4n7rux93ftm390sars6fkwlwSeen on
wss://relay.noswhere.comPublished at
2023-12-18 16:47:46Event JSON
{
"id": "598cc574ac224351e9461f7adcf8ee8ba2e2cdc1506f01f9a717fa3098f53011",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1702918066,
"kind": 1,
"tags": [
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/111602438415106173",
"activitypub"
]
],
"content": "A reminder - Microsoft Exchange Server 2013 went fully end of life earlier this year. If you present it to the internet for Outlook Web App, you are presently on fire. \n\nIt is not getting security patches. New vulnerabilities in it aren’t issued CVEs if vulnerable as Microsoft doesn’t test EOL products.\n\nYour Qualys/Tenable/etc install will show no new vulnerabilities. It is wrong. \n\n25k organisations are in this situation (with full OWA) and it is a tinder box. Highest percentage in US.",
"sig": "5d63bcb909ddc1f20c1577e37d53e6657037e2fd16823bb5f6ba66cf290e58964d9df6b5bc687ddc25e6ef6bb79672653b32bdcd7fa42ce1257a1cb4f78b1851"
}