What Experts Say When To Patch Microsoft Exchange Vulnerabilities

With the story last week about the recently disclosed Microsoft Exchange vulnerabilities that have affected thousands of organisations, over the weekend, the White House has warned organisations have “hours, not days” to fix the vulnerabilities. Microsoft and security researchers warned that the vulnerabilities are being combined with ransomware and security experts have estimated that as many as 80,000 exchange servers around the globe remain unpatched and vulnerable to exploitation.

Experts Comments

March 15, 2021
Jerry Gamblin
Director of Security Research
Kenna Security
While I cannot speak directly to how Hafnium picked its targets and deployed the backdoor, I can talk to the broader issues of internet-wide scanning.  

 
In 2021 it is safe to assume if a system is exposed directly to the internet, it is continuously being scanned and probed by both services like Shodan and Census.io and "attackers" looking for easy targets. 
 

Understanding their attack surface should be a paramount concern for organisations in 2021. Open source tools like intrigue.io help
.....Read More
While I cannot speak directly to how Hafnium picked its targets and deployed the backdoor, I can talk to the broader issues of internet-wide scanning.  

 
In 2021 it is safe to assume if a system is exposed directly to the internet, it is continuously being scanned and probed by both services like Shodan and Census.io and "attackers" looking for easy targets. 
 

Understanding their attack surface should be a paramount concern for organisations in 2021. Open source tools like intrigue.io help with this and immensely. Once the attack surface is understood, organisations can work on minimising those as much as possible.
 

Organisations should also have an "emergency kill switch" well documented where they can pull a system quickly off the internet when they know mass exploitations against systems they have not been able to patch are happening.
  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.