Exchange Server Flaws Highlight Importance of Patch Management
Microsoft Exchange Server is the most widely used on-premises email server in the world. Naturally, that popularity makes it an enticing target for cybercriminals.
Just weeks after disclosing that hackers were exploiting a series of zero-day vulnerabilities in hundreds of thousands of Exchange servers worldwide, Microsoft had to issue more patches for four new critical Exchange vulnerabilities. Together, these weaknesses illustrate why companies must have a solid plan for the consistent and timely application of essential patches.
That’s easier said than done, however.
The overwhelming number of software vulnerabilities discovered each year makes patch management one of the most time-consuming, challenging and exasperating tasks for internal IT teams. Security analysts say that coordinating the application of just one patch can take 30 days or more. More than 18,000 common vulnerabilities and exposures (CVEs) were cataloged in 2020 — almost 350 per week. Most companies lack the resources needed to test and apply patches as quickly as needed to prevent cybercriminals from exploiting a vulnerability.
According to the U.S. Computer Emergency Readiness Team, a division of the Department of Homeland Security, about 85 percent of all successful network intrusions result from unpatched systems. In fact, some of the Exchange Server vulnerabilities are believed to be more than 10 years old.
In early March, Microsoft issued emergency patches for four zero-day flaws that have been exploited in a series of attacks involving as many as 400,000 Exchange servers worldwide since January. In addition to updates for Exchange Server 2013, 2016 and 2019, Microsoft issued a patch for the unsupported Exchange Server 2010 — an indication that the flaw has existed for at least a decade.
Collectively known as ProxyLogon, the vulnerabilities could enable an attacker to bypass authentication, gain administrator-level access, write files to the server and execute commands. In addition, hackers were installing web shell backdoors that would allow them to control compromised servers over the Internet from any browser, and those backdoors survive even after the underlying flaws are patched.
Microsoft reports that more than 90 percent of vulnerable servers have been patched, but that means there could still be tens of thousands of unpatched servers susceptible to remote code execution, server hijacking, ransomware, crypto-mining, data theft and other attacks.
The Latest Threat
As organizations were still dealing with those vulnerabilities, the National Security Agency informed Microsoft in early April that it had uncovered four new zero-day threats in Exchange Server 2013, 2016 and 2019. According to the NSA, these flaws could allow hackers to remotely execute code that would give them control of mail servers and full access to the entire network.
Microsoft distributed patches for those flaws as part of its April Patch Tuesday update. Although the company says there is no evidence the latest vulnerabilities have actually been exploited in the wild, it urges companies to install the updates as soon as possible.
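Knowing whether the March and April updates actually landed on every server is the check a practitioner wants before trusting the numbers above. The script below is an added example and is not from this article or from Microsoft; it assumes it runs in the Exchange Management Shell with PowerShell remoting to each server. The build numbers in the table are hypothetical placeholders and must be replaced with the builds Microsoft lists for the security update you are verifying.

```powershell
# Added example (not from the article): flag Exchange servers whose installed
# build is below the security update you require.
#
# Caveat: Get-ExchangeServer's AdminDisplayVersion reflects the Cumulative Update
# (CU) only; it does not change when a Security Update (SU) is installed. The file
# version of ExSetup.exe does change, so that is what is read on each server.
#
# Exchange builds have the form Major.Minor.CU.SU, e.g. 15.2.721.13 means the
# 15.2 product line (Exchange 2019), CU build 721, SU build 13. The table maps a
# CU (first three parts) to the minimum SU build (fourth part). The values here
# are HYPOTHETICAL placeholders; fill them in from Microsoft's published
# "Exchange Server build numbers and release dates" list for the update you need.
$RequiredBuilds = @{
    '15.2.721'  = 13   # placeholder: an Exchange 2019 CU
    '15.1.2176' = 9    # placeholder: an Exchange 2016 CU
    '15.0.1497' = 12   # placeholder: an Exchange 2013 CU
}

function Get-ExchangeBuild {
    # Returns the ExSetup.exe file version string from the target server.
    param([Parameter(Mandatory)][string]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        (Get-Command ExSetup.exe).FileVersionInfo.FileVersion
    }
}

function Test-ExchangePatchLevel {
    # Emits one object per server: its build and whether it meets the table.
    param([hashtable]$Required = $RequiredBuilds)
    foreach ($server in Get-ExchangeServer) {
        $raw = Get-ExchangeBuild -ComputerName $server.Fqdn
        $v   = [version]$raw          # [version] tolerates zero-padded parts
        $cu  = '{0}.{1}.{2}' -f $v.Major, $v.Minor, $v.Build
        if (-not $Required.ContainsKey($cu)) {
            # SUs are only released for recent CUs; an unknown CU cannot be
            # brought current by an SU alone, the CU must be upgraded first.
            $status = 'CU NOT IN TABLE - upgrade the CU before applying the SU'
        } elseif ($v.Revision -lt $Required[$cu]) {
            $status = 'MISSING SU - install the security update'
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{ Server = $server.Name; Build = $raw; Status = $status }
    }
}

Test-ExchangePatchLevel | Format-Table -AutoSize
```

Run it after each patch cycle rather than once; a server that reports OK today falls back to MISSING SU the next time Microsoft ships an update for its CU, which is exactly the tracking burden the next paragraph describes.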
As noted previously, however, the patching process takes a toll on short-staffed IT teams that may be getting hundreds of updates from a variety of vendors. For example, the four new Exchange updates were among 114 patches issued by Microsoft on the same day, 19 of them rated as critical. Tracking, prioritizing, testing and applying that many updates can quickly turn into a full-time job.
A good way to reduce your burden is to work with a trusted managed services provider such as SSD. We can automate the process as much as possible to ensure patches are applied in a timely manner. Additionally, we can develop a customized patch-management plan with a framework for prioritizing, testing and deploying patches. Give us a call to learn more about how our services can eliminate lapses in patch deployment and boost your overall security posture.