Germany's cybersecurity agency, BSI, has raised a serious warning: 92% of Exchange servers in the country are still running outdated software, specifically versions from 2016 and 2019 that Microsoft stopped supporting on October 14. With around 33,000 public-facing Exchange servers in Germany, this includes a mix of private companies and public institutions like hospitals, schools, and local authorities. The BSI highlighted the risks associated with these out-of-support systems, noting that past vulnerabilities in Exchange Server have led to significant security breaches. Organizations with unsupported Exchange servers are at a heightened risk of network compromise. If new critical vulnerabilities surface, Microsoft won’t provide fixes, leaving these systems defenseless. The BSI pointed out that compromised Exchange servers can lead to widespread network failures, data leaks, and ransomware attacks, resulting in severe operational disruptions. Microsoft is offering a six-month extension of security updates for those still using these outdated versions, but after April 14, 2024, organizations will need to migrate to the newer Subscription Edition or find alternative solutions. The advisory stresses the importance of securing Exchange servers by limiting their exposure to the web and using VPNs or only allowing access from trusted IP addresses. Past incidents like ProxyShell and ProxyLogon illustrate the potential fallout from failing to patch these systems, with attackers exploiting vulnerabilities to gain extensive control over networks. As the deadline approaches, the urgency for organizations to upgrade or change their systems becomes increasingly critical.