Earlier in March we rushed through an emergency Microsoft Exchange Server patch to protect our customers from a serious vulnerability. With increasing cybersecurity threats, it is more important than ever for businesses to implement security patches in a timely manner. What are the pros, cons and considerations for implementing these properly?
Microsoft released an emergency patch for the flaw earlier in March, just one day after Senior Threat Intelligence Analyst at Microsoft, Kevin Beaumont sounded the alarm when he discovered a significant number of servers were vulnerable and easily "pwned" (a term used in the computer security world to describe a compromised device). Beaumont wrote: "It's time to panic. Big time."
As this particular attack is so severe because it can be automated, Microsoft has even released patches for older systems that are no longer supported. This vulnerability of Microsoft Exchange servers gives the attacker access to Active Directory.
The reality is that regardless of the operating system, all software has bugs - some of which can be exploited by increasingly sophisticated hackers. In its 2016 bug bounty report Microsoft said it paid $1.5 million to the security community for reporting vulnerabilities in products including Windows, Internet Explorer, Edge and Office. Products such as Exchange and SharePoint are more complex than other software because they need to be integrated with other systems. They also require more rigorous testing to ensure nothing breaks when a new update is applied - and customers don't like changes to their production systems without good reason.
With increasing cybersecurity threats, it is more important than ever for businesses to implement security patches in a timely manner.
There are several steps that a business can take before installing any individual security patch. For example, you might consider:
Our technical and security team here at DC Two remain vigilant, with automated and manual monitoring of all systems as well as redundancies and fail safes to ensure our own client data always remains safe and secure.
If you would like more information, or to get on board our up to date, secure cloud platform contact our team anytime.
Paradigm Technologies has been working with John and the team at DC Two for the past 2 years. They have been instrumental in allowing us to establish 'cloud' offerings for our clients. We now have a number of customers whose core data and server infrastructure is located on the DC Two platform.
The simple and competitive pricing model they use makes quoting and billing a breeze. Nothing is too much trouble for them and no matter the problem or requirement, DC Two will find a way.
- Nick Dimitrijevich and Andrew Rosen, Directors, Paradigm Technologies