Every time a critical patch rolls out, a significant portion of the affected systems' admins essentially ignore it. There’s just no way to have simultaneous and instantaneous patching if a central authority doesn’t enforce it. So, every time, we see the only possible alternative: repeated pleas coming from all directions, including info-sec companies, cybersecurity agencies, governments, and the press.
In the case of the Exchange flaws that we covered earlier in the week, and which Microsoft fixed through a patch, we have exactly the same situation. However, because these vulnerabilities have been around for at least two months now, there are many questions about who may have already been compromised through them.
According to White House press secretary Jen Psaki, the number of victims is undoubtedly large and is currently estimated to include over 20,000 organizations in the United States.
Outside of the U.S., the Czech Republic's Labour Ministry has already confirmed its compromise, while the Norwegians are also counting several victims, and the list is growing quickly.
Considering the number of Exchange users around the world, the Chinese hackers who were actively exploiting the flaws have had an abundance of target candidates, so many that compromising them all within two months would be challenging, if not impossible. So, the sheer number of vulnerable agencies is the only thing that has saved many of them since the start of the year.
Right now, everyone’s in a race to patch, but it is considered certain that many will still neglect the urgency, and we will keep seeing victims popping up here and there for many months to come. According to Reuters, at this time, only 10% of the vulnerable Exchange servers have been patched against the 0-days. This means hackers besides the Chinese group “HAFNIUM” are enjoying a wide spectrum of targeting opportunities at this moment.
So, the important thing is that everybody patches their Exchange servers now, to help contain the ongoing problem. If you are unable to patch for any reason, which is not uncommon in several fields, you should take a look at Microsoft’s mitigations and pick one of the recommended solutions. Some will affect parts of the mail servers' functionality, but they will protect the servers from being accessed by hackers.