Exchange Server Hack Reveals the Importance of Patch Management
Microsoft released an emergency patch on March 2 to plug four security holes in Exchange Server, yet zero-day exploits are continuing.
Exchange Server Hack Shows Why Patch Management Matters
Patch management can never be taken for granted. Yet it appears that many organizations are doing just that.
Microsoft released an emergency patch on March 2 to plug four security holes in Exchange Server. Zero-day attacks exploited these gaps to siphon off email traffic. Yet despite the existence of the patch and the publicity surrounding it, Microsoft continues to see multiple actors taking advantage of unpatched systems one week later. Clearly, patch management is not being given sufficient priority by these IT teams.
In some ways, it may be like the night sentries of old. Some fell asleep at four in the morning and didn’t notice the bad guys jumping the walls. But in the majority of cases, the sentries simply became inattentive. After many hours, days, and weeks of walking back and forth along the parapet, they became certain that nothing would ever happen. They stopped looking. Their eyes glazed over and they mechanically paced along, no longer vigilant for any hint of danger, no matter how fleeting – until that fateful day when the castle was stormed on their watch.
Patch Management Vigilance
With Microsoft continuing to advise companies to patch Exchange Server, it appears that those looking after patch management inside some organizations have lost their sense of vigilance and urgency. Perhaps this vital Microsoft patch is sitting in a queue behind another dozen patches that need to be applied.
Perhaps some IT emergency has taken precedence. Perhaps the person dealing with patch management is on vacation. Whatever the excuse, every day without that Exchange patch raises the chances of bad actors getting inside. But then, they may well be there already, quietly infiltrating email accounts and snooping around for financials or confidential files.
Microsoft is so worried about the threat that it has issued a feed of observed indicators of compromise (IOCs) as well as information about various fixes, the details of the attack, and the threat actors involved. Beyond that, it goes without saying that the Exchange patch needs to be implemented immediately.
Organizational barriers to accomplishing this should be removed at once. Systems should be thoroughly checked for any evidence of possible compromise. And organizations should add more rigor to patch management processes. There is no place for complacency when it comes to prioritizing and installing updates and patches to fix gaping security holes.
How Syxsense Can Help
At Syxsense, we take urgent patches very seriously. Our team evaluates, tests, prioritizes, and releases patches into our patch management system within three hours of issuance by the vendor. This leads the industry. It’s not uncommon for competitors to take many days to accomplish the same thing.
Syxsense Secure provides the technology, the automation, the processes, and the timeliness you need to stay up to date on patches, while also taking care of vulnerability scanning and IT management functions.