What you need to know
- 92% of vulnerable Exchange servers have been patched or mitigated.
- That marks a 43% improvement over last week.
- Patching a server does not protect them if they have already been compromised.
It's important to note that patching or mitigating a vulnerability does not protect servers that have already been compromised. IT admins need to check to see if their systems have been exploited.
Microsoft has taken several steps to address the widespread attack on its Exchange server software. The company released an emergency fix for the vulnerability and released a one-click mitigation tool. Microsoft also updated Microsoft Defender to address one vulnerability.
Our work continues, but we are seeing strong momentum for on-premises Exchange Server updates:
• 92% of worldwide Exchange IPs are now patched or mitigated.
• 43% improvement worldwide in the last week. pic.twitter.com/YhgpnMdlOXOur work continues, but we are seeing strong momentum for on-premises Exchange Server updates:
• 92% of worldwide Exchange IPs are now patched or mitigated.
• 43% improvement worldwide in the last week. pic.twitter.com/YhgpnMdlOX— Security Response (@msftsecresponse) March 22, 2021March 22, 2021
Threat actors jumped on the opportunity to go after unpatched Microsoft Exchange servers. Check Point Research saw exploitation attempts on organizations double every 2-3 hours over a 24-hour period earlier this month.
Researchers at F-Secure said that servers are being hacked faster than they can count. In a report from March 19, Antii Laaktikainen, senior security consultant at F-Secure said, "Tens of thousands of servers have been hacked around the world. They're being hacked faster than we can count. Globally, this is a disaster in the making" (via ZDNet.
