It only took cybercriminals 5 minutes to start scanning for Microsoft Exchange vulnerabilities

Microsoft Logo at Ignite
Microsoft Logo at Ignite (Image credit: Windows Central)

What you need to know

  • Cybercriminals started scanning the web for vulnerable Exchange servers within five minutes of vulnerabilities being disclosed.
  • That response time is three times faster than what's often seen with disclosed vulnerabilities.
  • The affordability of computing contributed to more people attempting to take advantage of the vulnerabilities.

Whenever vulnerabilities within popular pieces of software are made known, cybercriminals race to find ways to take advantage of them. Even more than normal, that was the case with the vulnerabilities in Microsoft's Exchange Server software. According to the 2021 Cortex Xpanse Attack Surface threat report from Palo Alto Networks, cybercriminals starting scanning the web for Exchange vulnerabilities within five minutes of them being made known (via ZDNet).

The report compiles data from enterprise companies that was gathered between January and March 2021. It explains that cybercriminals worked faster than usual to take advantage of the vulnerabilities in Microsoft Exchange.

Usually, when zero-day vulnerabilities are reported, cybercriminals will scan for them in as few as 15 minutes. In the case of Microsoft Exchange's vulnerabilities, it's said that cybercriminals were scanning within five minutes. This lines up with earlier reports that hackers raced to take advantage of unpatched Exchange servers.

When Microsoft disclosed four zero-day vulnerabilities in Exchange Server, it led to several attacks. Most notably, a group known as Hafnium exploited the vulnerabilities.

The report from Palo Alto explains that computing becoming more affordable has led to more attacks, "Computing has become so inexpensive that a would-be attacker need only spend about $10 to rent cloud computing power to do an imprecise scan of the entire internet for vulnerable systems." The report continues to say, "We know from the surge in successful attacks that adversaries are regularly winning races to patch new vulnerabilities."

Since a potential attacker only needs $10 to scan the entire web for vulnerable systems, it lowers the bar of entry for cybercriminals.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at