The Exchange Flaws That Microsoft Fixed Last Week Are Going to Stay Around for a While

  • Many servers affected by the Microsoft Exchange flaws fixed a few days ago will not get patched any time soon.
  • Already, there are tens of thousands of victims, and the problem extends globally.
  • The software firm has also published mitigations for those who can’t patch right now.

Every time a critical patch rolls out, a significant portion of the affected systems' admins essentially ignore it. There’s just no way to have simultaneous and instantaneous patching if a central authority doesn’t enforce it. And, every time, we see the only possible alternative: repeated pleas coming from all directions, including info-sec companies, cybersecurity agencies, governments, and the press.

In the case of the Exchange flaws that we covered earlier in the week, and which Microsoft fixed through a patch, we have exactly the same situation. However, because these vulnerabilities have been around for at least two months now, there are many questions about who may have already been compromised through them.

According to White House press secretary Jen Psaki, the number of victims is undoubtedly large, currently estimated to include over 20,000 organizations in the United States.

Outside of the U.S., the Czech Republic's Labour Ministry has already confirmed its compromise, while the Norwegians are also counting several victims, and the list is growing quickly.

Considering the number of Exchange users around the world, the Chinese hackers who were actively exploiting the flaws have had an abundance of target candidates, so many that compromising them all within two months would be challenging, if not impossible. So, the sheer number of vulnerable agencies is the only thing that has saved many of them since the start of the year.

Right now, everyone’s in a race to patch. It is considered certain that many will still neglect the urgency, and we will keep seeing victims pop up here and there for many months to come. According to Reuters, at this time, only 10% of the vulnerable Exchange servers have been patched against the 0-days. This means hackers besides the Chinese group “HAFNIUM” are enjoying a wide spectrum of targeting opportunities at this moment.

So, the important thing is that everybody patches their Exchange servers now, to help contain the ongoing problem. If you are unable to patch for any reason, which is not uncommon in several fields, you should take a look at Microsoft’s mitigations and pick one of the recommended solutions. Some will impact aspects of Exchange's functionality, but they will secure the mail servers from being accessed by hackers.
