This week has seen significant press for the Exchange Server Vulnerability #HAFNIUM. Indeed #Microsoft have been forced into rapidly preparing patches from not only this but other threats that are exploiting the same shortcoming in the software. The exploits are require the use of soft passwords to be successful
The respected global tech publishers ZDNET released a long article about this Microsoft: These Exchange Server zero-day flaws are being used by hackers, so update now | ZDNet covering the scale of the issue and what is being done to help users. The visibility and attention being drawn to the Exchange Server Vulnerability also provides some insight into the scale and concern for this threat
So what does all this mean?
Zero day attacks render (in this case) Exchange servers useless and allows hackers to steal data. For any business this is a problem on many fronts. This isn’t quite ransomware where you lose complete access to the system and forced to pay for them to be released but once you know the issue is happening it’s almost certainly too late to stop the loss of data and render the system unusable for a while. The hacks do however affect all on premise versions of exchange server including 2019 so the potential damage to be caused is significant
What’s being done to address this?
On 2nd March Microsoft released patches for the vulnerabilities. The challenge however is two fold. The first: people have been largely unaware of this situation and Secondly: businesses are typically very slow to patch operating systems meaning that although preventions have been released relatively few businesses will have applied them. #PaloAlto estimate over 120,000 systems worldwide remain unpatched and therefore vulnerable to this Exchange Server Vulnerability
Good Practice
As with any technology the race to encroach or be protected is perpetual and for this reason all vendors worldwide release updates for you to apply. These updates can happen hourly or maybe only once a year but they are critical components all the same in maintaining your perimeters and safeguarding business.
Systems as a minimum should be checked daily and depending on the type of update being released you should never be more than 7 days adrift of the very latest updates. More critical updates like this should be applied immediately with less critical updates allowed to be bathed into a weekly cycle. If you are not pathing systems on a regular basis we suggest you review this immediately. It would be prudent to conduct an audit of systems and policies to see where else you may have risks
It’s worth pointing out that even the most publicised of attacks in recent years have all been preventable with active management of systems, specifically patching. The current threats also suggest poor passwords have also been compromised in order to (in some way) facilitate access. Passwords are a perineal topic for basic security and the most likely route for exposure. A simply policy that’s enforced is often all that is needed
Cirrus Technology Solutions
If you have concerns about any of these we’d be happy to help and discuss our credentials for making your business #CyberSecure
T: 03303 130966
