The figure of unpatched Microsoft Exchange Servers stands at around 30,000, down from a high of around 400,000.
Huge Reduction in Vulnerable Microsoft Exchange Servers
The exact number of vulnerable Microsoft Exchange Servers isn’t known.
However, on March 2, when Microsoft released its first set of security patches, around 400,000 Exchange Servers were vulnerable to the ProxyLogon vulnerability. One week after the security patches were launched and implemented, on March 9, that figure had dropped to around 100,000 unpatched servers.
Now, Microsoft’s latest report indicates that there are under 30,000 vulnerable Exchange Servers remaining.
Since that tweet, it’s likely the number has decreased further.
Microsoft has taken substantial steps towards protecting the vulnerable Microsoft Exchange Servers in the face of the prolonged ProxyLogon vulnerability. For example, the Exchange On-Premises Mitigation Tool (EOMT) is a one-click ProxyLogon patching tool that makes it easier for Microsoft Exchange Server customers to rapidly secure their infrastructure.
Microsoft has also added an automatic patching tool to Microsoft Defender. According to a post on the official Microsoft Security blog, customers using Microsoft Defender Antivirus and System Center Endpoint Protection will “automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed.”
Is This the End of ProxyLogon?
ProxyLogon has been a serious issue for Microsoft’s Exchange Server customers. The attack has affected tens of thousands of servers, covering businesses of all shapes and sizes.
The ProxyLogon vulnerability strung together four zero-day exploits to attack Microsoft Exchange Servers. After the disclosure of the vulnerability, multiple industries around the world reported a surge in attacks, with Microsoft Exchange Server customers reporting cryptocurrency mining malware, various types of ransomware, web shells, and more all being deployed by malicious parties.
An ESET Research blog post found that Microsoft Exchange Servers were under attack from “at least 10 APT [Advanced Persistent Threat] groups,” all of whom were seeking to capitalize on the vulnerability.
The ProxyLogon vulnerability isn’t quite over. There are still more than 20,000 vulnerable Microsoft Exchange Servers, but customers and security firms alike will hope that the end is in sight.