Even if you needed to apply patches last month, you’ll need to do so again this month
Last month, we told you about a series of critical vulnerabilities in Microsoft Exchange that were under attack. We urged small and medium businesses (SMBs) to take immediate action to patch, as well as determine if Exchange systems might have been compromised.
This month, Microsoft has released a new series of patches for a new, different set of critical vulnerabilities affecting Exchange.
The bad news is that if you needed to apply patches last month, you’ll need to do so again this month.
The good news, right now at least, is that these vulnerabilities are not under attack. However, Microsoft says clearly in their security advisory:
We have not seen the vulnerabilities used in attacks against our customers. However, given recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats.
In other words, while these aren’t currently under attack, there are currently ongoing attacks against Exchange and there’s a very good chance that attackers will move quickly to incorporate these new vulnerabilities into their attacks. That means even Exchange servers that are patched against last month’s vulnerabilities could be at risk of compromise.
If you’re running Exchange, apply these latest patches as soon as possible. The sooner you apply these patches, the better your chances of getting your systems protected before attackers target these latest vulnerabilities.
If you haven’t applied the patches and followed our guidance from last month, we encourage you to review our posting from last month and make it a priority to apply these latest patches as soon as possible.
This latest situation is an example of how fast, immediate action can potentially save you from greater pain in the future.