The Microsoft Security team has been commended for its handling of the latest Microsoft Exchange breach, which affected over 25,000 customers globally. According to Charles Carmakal, the senior vice president at FireEye, the tech giant has done exceptionally well in reaching out to its clientele and making available the tools needed to combat the wave of intrusions. The company had initially advised users to manually update their programs to prevent a breach of their systems. It later provided a turnkey solution that would allow novice users and enterprises without technical personnel to apply the patches automatically.
According to the latest advisory, all users have to do is turn on automatic updates in Windows Defender to mitigate the critical CVE-2021-26855 vulnerability. Updating the antivirus program allows it to disrupt the infection chain through a URL Rewrite mechanism. Going by Microsoft’s most recent announcement about the situation, 92 percent of vulnerable Exchange IPs worldwide have now been patched. This is a praiseworthy feat by any stretch.
According to the White House’s National Security Council, simplifying the update process was key among the strategies deployed to push back against the hackers. Among the early mitigation programs released by Microsoft engineers was the One-Click Mitigation Tool. It helped simplify the update process, and according to the White House, it was downloaded over 20,000 times within a week.
That said, the Microsoft Exchange flaws being exploited by hackers are serious. They could be used to take over a system and extract sensitive information. An intruder would be able to, for example, gain access to emails on the server, write Active Server Page Extended (ASPX) files onto the disk, and add user accounts.
This makes the simplification of the patch process tremendously impactful for regular consumers and small business owners.