LAST UPDATED: 2023-02-23
This report contains a list of vulnerable Microsoft Exchange servers found through our daily IPv4 full Internet scans and IPv6 hitlist based scans.
As of 2023-02-15 this scan contains information on services with the following remote code execution vulnerabilities:
Notes on CVE-2021-26855
The CVE-2021-26855 vulnerability assessment is made based on Microsoft’s http-vuln-cve2021-26855.nse nmap detection script.
Other vulnerability assessments are made on the version observed.
This report comes in two versions, for IPv4 and IPv6.
Notes on CVE-2022-41082
If you receive an alert for CVE-2022-41082 make sure to apply the latest Microsoft patch (from November 8th, 2022). It is not enough to implement the previously recommended mitigation. As discovered by Crowdstrike, the mitigation proposed can be bypassed.
We make our assessment based on x_owa_version header.
Exchange Versions Vulnerable to CVE-2022-41080/CVE-2022-41082
2019
15.2.1118.15 - 15.2.1118.7 <-- strict match of all 4 numbers required
15.2.986.30 - 15.2.986.5 <-- strict match of all 4 numbers required
15.2.922.27 - 15.2.196.0 (anything less than or equal to 15.2.922 )
^^^ looser match of the first 3 numbers is required
2016
15.1.2507.13 - 15.1.2507.6 <-- strict match of all 4 numbers required
15.1.2375.32 - 15.1.2375.7 <-- strict match of all 4 numbers required
15.1.2308.27 - 15.1.225.16 (anything less than or equal to 15.1.2308)
^^^ looser match of the first 3 numbers is required
2013
15.0.1497.31 - 15.0.1497.2 <-- strict match of all 4 numbers required
15.0.1473.6 - 15.0.516.32 (anything less than or equal to 15.0.1473)
^^^ looser match of the first 3 numbers is required
Dashboard
You can track vulnerable Exchange scan results on the Shadowserver Dashboard. You can also check for specific CVEs by selecting source “exchange” and the appropriate CVE tags here.
Full Exchange exposure (population scan) can also be found on the Shadowserver Dashboard.
For more information on our Exchange scanning efforts, please read about our previous special reports.
For more information on our scanning efforts, check out our Internet scanning summary page.
You can learn more on our reports in general in our Overview of Free Public Benefit Shadowserver Reports presentation, which also explains example Use Cases.
Filename(s): scan_exchange, scan6_exchange.