Not Vulnerable? 3 Reasons to Worry About the Microsoft Exchange Hacks

A little more than a week into the Microsoft Exchange Server cyber-attack leveraging four zero-day exploits, organizations and governments continue to work on mitigation strategies – namely patching – and to uncover the extent, nature, and damage of the attack.


Whether you were never vulnerable to the exploit or patched before a compromise occurred, the Microsoft Exchange zero-day exploits have created a new normal for business communications. And while few are addressing this reality today, it’s a fact that all organizations will need to be aware of, manage, and protect against going forward.

What Makes the Microsoft Exchange Attack So Special?

The biggest differences are two-fold:

  • The first is that the scale of the attacks eclipses even the massive SolarWinds software supply chain breach.

  • The second is that you can’t know if the people you’re communicating with have been compromised.

3 Reasons You Need to Worry, and Take Immediate Action

Within the last week, Microsoft issued an emergency patch and alternative mitigation techniques for its flagship Exchange Server, which was reportedly attacked by Chinese nation-state actors in an automated malicious campaign impacting potentially hundreds of thousands of victims globally and around sixty thousand in the United States.

While organizations should follow best practices to remediate the vulnerabilities, this particular cyber-attack doesn’t end there – for a number of reasons.

1. Who didn’t apply the patch?

The first issue is who has or hasn’t applied the patch and when.

A 2020 report from security firm Rapid7 looked at patch adoption rates for one Microsoft Exchange Server bug.

Eight months after the patch was released, the report found 61% of organizations still failed to apply the patch. Apply that percentage to the Microsoft Exchange Server vulnerability and we have the equivalent of 18,300 or more unpatched email servers in the U.S. alone.
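The practical question behind that statistic is whether your own servers are on the fixed build. The following is an added example, not code from the original post or from Mission Secure: a small audit that reads an inventory of Exchange servers with their reported versions (a constructed sample export in the "Version 15.1 (Build nnnn.n)" form that Exchange's AdminDisplayVersion property prints, or plain dotted form), compares each against a minimum fixed build per product line, and reports what still needs action. The build thresholds and host names are placeholders; substitute the fixed build numbers from the vendor advisory for each cumulative update you run. Servers whose version cannot be parsed or whose product line is not in the table are reported as "unknown" and counted as needing action, since an unverifiable server is not a patched one.

```python
import re
from typing import Dict, List, Optional, Tuple

# Minimum fixed build per Exchange product line: (major, minor) -> (build, revision).
# PLACEHOLDER values for illustration only (assumption, not from the post or the
# vendor); replace with the fixed build numbers from the vendor advisory.
MIN_FIXED_BUILD: Dict[Tuple[int, int], Tuple[int, int]] = {
    (15, 0): (1500, 0),   # placeholder threshold for the 15.0 product line
    (15, 1): (2200, 0),   # placeholder threshold for the 15.1 product line
    (15, 2): (800, 0),    # placeholder threshold for the 15.2 product line
}

# Accepts "Version 15.1 (Build 2250.3)" or the dotted form "15.1.2250.3".
_VERSION_RE = re.compile(
    r"^(?:Version\s+)?(\d+)\.(\d+)(?:\s*\(Build\s+(\d+)\.(\d+)\)|\.(\d+)\.(\d+))$"
)


def parse_build(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, build, revision) or None if the string is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    build = m.group(3) if m.group(3) is not None else m.group(5)
    rev = m.group(4) if m.group(4) is not None else m.group(6)
    return (major, minor, int(build), int(rev))


def patch_status(version_text: str) -> str:
    """Classify one server as 'patched', 'unpatched' or 'unknown'.

    'unknown' covers unparseable strings and product lines with no threshold;
    the audit treats it the same as 'unpatched' for prioritisation.
    """
    parsed = parse_build(version_text)
    if parsed is None:
        return "unknown"
    major, minor, build, rev = parsed
    threshold = MIN_FIXED_BUILD.get((major, minor))
    if threshold is None:
        return "unknown"
    # Tuple comparison orders by build first, then revision.
    return "patched" if (build, rev) >= threshold else "unpatched"


def audit(inventory: Dict[str, str]) -> Dict[str, object]:
    """Group hosts by status and compute the share that still needs action."""
    groups: Dict[str, List[str]] = {"patched": [], "unpatched": [], "unknown": []}
    for host, version_text in inventory.items():
        groups[patch_status(version_text)].append(host)
    total = len(inventory)
    needs_action = len(groups["unpatched"]) + len(groups["unknown"])
    pct = round(100.0 * needs_action / total, 1) if total else 0.0
    return {**groups, "needs_action_pct": pct}


# Constructed sample export (hypothetical hosts and versions, not real data).
SAMPLE_INVENTORY: Dict[str, str] = {
    "ex01.corp.example": "Version 15.1 (Build 2250.3)",   # at or above placeholder threshold
    "ex02.corp.example": "15.1.2150.7",                   # below threshold, dotted form
    "ex03.corp.example": "Version 15.2 (Build 750.2)",    # below threshold
    "ex04.corp.example": "Version 15.0 (Build 1480.1)",   # below threshold
    "ex05.corp.example": "Version 14.3 (Build 123.4)",    # product line not in table
    "ex06.corp.example": "n/a",                           # inventory has no version recorded
}

if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY)
    for status in ("patched", "unpatched", "unknown"):
        print(f"{status:>9}: {', '.join(result[status]) or '-'}")
    print(f"needs action: {result['needs_action_pct']}% of servers")
```

Feed the script a real export (for example, host and AdminDisplayVersion columns dumped from your inventory or configuration database) and the "unpatched" plus "unknown" lists become the remediation queue; tracking needs_action_pct over time is a direct measure of the adoption gap the Rapid7 figure describes.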

At this rate, it

*** This is a Security Bloggers Network syndicated blog from The Mission Secure Blog authored by Paul Robertson. Read the original post at: