Microsoft reports that 92 percent of all Exchange Servers vulnerable to recently uncovered zero-day flaws have now been patched and updated. While that’s good news, there are still tens of thousands of unpatched servers that remain susceptible to a range of potentially devastating exploits such as remote code execution, server hijacking, ransomware, cryptomining, data theft and backdoor attacks.
Collectively known as ProxyLogon, the zero-day flaws could be exploited to bypass authentication measures, allowing an attacker to impersonate an administrator and execute a variety of arbitrary commands. More than 400,000 on-premises Exchange email servers were initially affected, but officials say that number has dropped to about 30,000 since Microsoft issued emergency patches for Exchange Server 2019, 2016, 2013 and 2010 in early March.
It’s important to note that cloud email services such as Exchange Online and Microsoft 365 were unaffected. That’s because Microsoft provides layers of advanced security measures, including patch management, as part of these services. Few organizations have the internal resources to match that level of protection.
In fact, patch management has become one of the most time-consuming, challenging and exasperating tasks internal IT teams must tackle. Studies show that it takes an average of 12 days to coordinate the application of a single patch across all devices. With a record 18,103 common vulnerabilities and exposures (CVEs) discovered in 2020 — nearly 350 per week — it is clear that most companies can’t test and apply patches fast enough to prevent cybercriminals from exploiting a vulnerability.
Given the time constraints, many patches are simply ignored. The Department of Homeland Security estimates that 85 percent of successful network exploits involve unpatched flaws. For example, a patch that would have prevented the WannaCry ransomware attack in 2017 had been available for two months before that malware began to spread.
Although most organizations are aware of the potential consequences of not patching, they simply don’t have the tools or manpower to keep pace. Many are still tracking patch status manually, trying to apply the most critical patches as their schedules allow. There are far better alternatives.
MSP and Cloud Alternatives
A managed services provider (MSP) with expertise in automated patching solutions can reduce your exposure. These solutions can discover what applications and devices exist on your network and track their patch status. They will also prioritize patches according to the likely impact of vulnerabilities, ensuring that the most critical patches are applied in a timely fashion.
Migrating to a cloud-based email platform can also help. As the Exchange attacks show, on-premises email servers are inviting targets for malicious actors. Once inside, hackers can steal sensitive information or launch other damaging attacks.
Cloud email providers ensure their servers always have the latest patches and updates installed. Additionally, economies of scale allow cloud providers to make significant investments in security features that in-house systems might lack. For example, cloud providers encrypt data at rest and have the strongest possible identity and authorization features and content filtering capabilities.
Patching is an essential security practice, but most organizations struggle with the process even under the best of circumstances. The extreme proliferation of critical patches being issued by vendors is making it nearly impossible to apply them all in a timely fashion with traditional manual processes. We’d welcome the opportunity to show you how we can relieve you of the patch management burden, help you migrate to cloud-based email and boost your overall security.