Vulnerability Management – Exchange Servers are Finicky to Patch, but Shouldn’t be Overlooked

No one plans on compounding deferred patches, but when error messages are confounding, we often move on to seemingly more immediate (and less frustrating) fires. This initial patch deferment often lasts months, or even years until the device is either compromised or replaced (often due to end-of-life). For instance, several events this year have highlighted the significant vulnerabilities affecting unpatched Microsoft Exchange Servers and the subsequent risk that presents to the system or an entire network. Microsoft has released multiple patches to address these vulnerabilities, most recently in July, but as of last month a Shodan scan revealed that 30,000 Exchange servers remain vulnerable. Patching is rarely problem-free, but with email being one of the most important systems for any organization, it is important not to get caught up in deferring security updates.

No matter how finicky Exchange Server updates can be, it is important to:

• keep Microsoft Exchange systems up to date with the latest patches and security updates
• ensure that your Exchange servers are not directly internet-facing and that your internal network has a robust firewall

For more, visit CSO Online.