More follow-ups to the Microsoft Exchange server compromise. The estimated number of Exchange Server customers compromised has now doubled to 60,000. More scary – Microsoft may have taken too long to recognize the issue. Krebs on Security has a basic timeline of the event, and Microsoft has confirmed it was made aware of the vulnerabilities in January.
There also appear to be at least five hacking groups actively using the flaws, as of the weekend. Per Krebs, “if your organization runs an Outlook Web Access server on the internet, assume a compromise between Feb 26 and March 3.” The National Security Council says that patching and mitigation are not remediation if you are already compromised.
Why do we care?
I’m going to need another segment, or to retire this Week In SolarWinds to “this week in nation state breaches.” Maybe both. There will be a lot of follow-up questions for Microsoft to come.
My focus here on this show will be less about the tactics of patching, and more about the perspective. I wouldn’t expect this show to be the place you get breaking news about these hacks. Instead, it’s where we talk about why and what’s next.
If I were a provider at any level, I’d be asking really hard questions about why I’m actually still running an on-prem email server in the year 2021.
But it circles back to the first story of today. The smaller the business, the more everything is consumed via SaaS or lease. With this trend for all systems, why not sprint ahead? If you wonder why I’m so focused on cloud management, this is why.
Source: Krebs On Security
Source: The Verge