A hot potato: Microsoft says that 92% of Exchange servers have been patched or mitigated following four zero-day exploits. However, the company warns that already-compromised servers are still at risk. Admins are advised to investigate their servers to ensure that secondary attacks such as ransomware or data exfiltration are prevented.
Microsoft explains that its one-click mitigation tool and a recent update of Microsoft Defender have expanded the reach of server mitigation, resulting in some 92% of vulnerable Exchange servers worldwide having either been patched or mitigated. It's positive news, but Microsoft highlights that patching will not protect already-compromised servers.
“Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions.”
While patching safeguards your organization's servers from an initial attack, admins are advised to monitor their systems to ensure they are not still vulnerable. The remaining risk could be a follow-on attack on an already-compromised server, or the use of stolen data to compromise other networks.
Microsoft has published guidance online for server admins to refer to, but the bottom line is clear: while the company's software and online tools are helping to patch the vast majority of servers worldwide, it is essential that admins check whether or not their organization's Exchange servers have already been compromised. If so, ransomware or data exfiltration could follow at a later point in time.