The German Federal Office for Information Security (BSI) has issued a warning about critical vulnerabilities affecting at least 17,000 Microsoft Exchange servers in Germany.

These server vulnerabilities are being exploited for malicious activities by cybercriminals and nation-state actors, impacting sectors like education, healthcare, and medium-sized businesses.

The specific vulnerability, CVE-2024-21410, could allow attackers to gain code execution and compromise data or disrupt services.

Microsoft has released security updates to mitigate the vulnerability, which has also been recognized by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in its Known Exploited Vulnerabilities catalog.

Researchers have found approximately 97,000 servers worldwide that are vulnerable or potentially vulnerable, with a significant number located in Germany.

The BSI is calling for immediate action to install updates and secure servers to protect sensitive data and IT systems from substantial risk.