Microsoft has disclosed that 92% of vulnerable Exchange servers have been patched successfully. According to the Redmond-based software giant, the company is seeing strong momentum for updates to vulnerable on-premises Exchange Servers. Microsoft had scrambled to release emergency updates following the discovery of the Exchange Server vulnerabilities. The initial patches were made available for Exchange Server 2019, Exchange Server 2016, and Exchange Server 2013. The security vulnerabilities are used by cybercriminals for limited and targeted attacks.
Microsoft recently updated Defender Antivirus to protect against the critical vulnerabilities. According to Microsoft, the update would automatically block CVE-2021-26855, which is one of the four vulnerabilities used for cyber attacks.
Commenting on the development, the company revealed that the Exchange security update is the most comprehensive way to protect your servers from attacks. The interim mitigation is designed exclusively to protect customers during the transition time required to implement the latest Exchange Cumulative Update for the relevant Exchange version.
The Exchange Server vulnerabilities were used to target firms and enterprise companies globally. According to Check Point Research, a total of 32 companies in India were targeted.
While the finance and banking segment was worst hit, with 28% of the compromises, the government and military sector followed at 16%. The manufacturing sector was also hit at 12.5%, while the insurance and legal markets were hit at 9.5%. The remaining sectors accounted for 34% of the compromises.
The Exchange Server security vulnerabilities could cause serious damage even though the company continues to release patches and mitigation tools. The company confirmed that just patching a system does not remove an attacker's access to it. The patches form only one layer of protection and do not protect the system completely. The Microsoft 365 Defender Threat Intelligence team disclosed that many of the compromised systems have not yet been subjected to human-operated ransomware attacks or data exfiltration. The attackers could establish and keep access to all the hacked data for future use.