Microsoft discovered zero-day vulnerabilities in certain versions of Exchange, which could be extremely dangerous if left unaddressed. In order to rectify the situation quickly, the FBI has accessed thousands of users’ computers to deal with leftover, dangerous code.
Microsoft has reported the discovery of a series of zero-day vulnerabilities within its Exchange environment, for which they have released emergency security updates and patches. These vulnerabilities could potentially put thousands of email servers used by organizations around the world at risk of infection with a range of malware types.
Assumed to be the work of nation state-affiliated cybercriminals, these exploits could have serious consequences if left unaddressed. Fortunately, Exchange Online (hosted in Microsoft 365) was not affected by this incident. The vulnerabilities only affected on-premises Exchange Servers 2010, 2013, 2016, and 2019, for which Microsoft released emergency patches.
Even so, it’s likely that many unaware users would not apply the security patches promptly. Furthermore, the attack has also left malicious code behind that could further endanger users. That’s why the FBI has stepped in and taken direct action on users’ behalf.
The Department of Justice recently made public the FBI’s efforts to eliminate residual malicious code on users’ systems on their behalf. While this would normally be outside of the FBI’s jurisdiction, the vulnerability was deemed dangerous enough to get the Department of Justice a warrant for these activities.
Since then, the FBI has been secretly accessing thousands of computers to delete dangerous code and eliminate the Microsoft Exchange vulnerability. This helps to mitigate the chance that unpatched systems would endanger unaware users.
An unnamed FBI agent helped to justify the bureau’s actions in a signed affidavit, explaining that everyday users would be unable to deal with the residual code left behind by hackers:
“Most of these victims are unlikely to remove the remaining web shells because the web shells are difficult to find due to their unique file names and paths or because these victims lack the technical ability to remove them on their own. By deleting the web shells, FBI personnel will prevent malicious cyber actors from using the web shells to access the servers and install additional malware on them.”
If you’re worried about the precedent this sets for the FBI’s right to access private citizens’ computers, you’re not alone. While this is not the first time the FBI has had to take direct action to address a cybercrime incident, it’s the first of its scale. In the past, the FBI has hacked citizens’ computers to remove code that puts them at risk.
The fact is that the most common way cybercriminals get into a network is through loopholes in popular software, applications, and programs. That’s why patch management is so important.
Despite how advanced modern software is, it is still designed by humans, and the fact is that humans still make mistakes. That’s why much of the software you rely on to get work done every day could have flaws (the vulnerabilities that exploits target) that leave you open to security breaches.
Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users. This is why it's important for you to keep your applications and systems up to date.
Comprehensive and regular patch management is a crucial part of proper IT security.
To maintain a secure IT environment, you either have to make sure your staff is staying on top of all incoming updates or, better yet, work with a reliable cybersecurity partner like Orbis Solutions to take care of it for you.
As a part of our comprehensive IT support offering, Orbis Solutions will manage:
In action, these management services will make sure your systems are always safe and reliable through continuous monitoring. Please note that Orbis has been monitoring the Microsoft Exchange situation as it develops. All necessary security updates have been applied to any potentially at-risk users.
We will keep an eye on the situation to ensure no new risks are posed to our client base. Rest assured that security remains a top priority for Orbis Solutions.
Without staying on top of your patch management, your outdated software is essentially a ticking time bomb, putting your business at greater risk with each day that passes.
You don’t have to accept that risk, and you don’t have to do the work to stay ahead of it either — the Orbis Solutions team can manage your patches and updates for you.
Get in touch with the Orbis Solutions team to discover how we handle patch management for our clients.
Orbis Solutions, Inc., in Las Vegas, Henderson, Summerlin and throughout Nevada, has developed creative, strategic and cost-effective technical solutions for a wide variety of clients. Offering a diverse range of products and services, Orbis provides IT solutions to promote your company’s productivity and profitability, and help you sort through the latest-hyped technology, so you can select the best hardware, software or service for your business needs.