The ticking time bomb of Microsoft Exchange Server 2013

This report details opportunistic ransomware incidents impacting internet-facing Microsoft Exchange Server 2013 instances: attackers obtained network access and code execution (likely via known post-authentication Exchange vulnerabilities), and many organizations—around 25,000 IPs with OWA exposed, including government systems—remain vulnerable due to end-of-support software and scanner blind spots.