Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Exchange zero-day flaws: Over 85% of organisations have already patched their systems, Heimdal figures show

March 2021 by Heimdal™ Security

New data from cybersecurity provider Heimdal™ Security shows that 85% of its customers have already applied patches to address the Microsoft Exchange vulnerabilities, through the use of automated vulnerability management and deployment.

A further 13% have the update in their manual update queues, with deployment expected within 24-48 hours. Heimdal estimates that 97% of customers will have updated their systems by the end of this week, with the remainder expected to do so in the following days. It believes that most companies will be protected from further exploitation by the end of next week.

Reports suggest that at least 30,000 US organisations have already been hacked by cybercriminals exploiting the four recently-discovered flaws in Microsoft Exchange Server email software. The vulnerabilities have been actively exploited  by the state-sponsored threat group Hafnium, and also appear to have been adopted by other malicious groups in extensive attacks.

Ruth Schofield, UK and Ireland Country Manager for Heimdal, says: “We urge Exchange users who have not done so already to apply the patches immediately, as the vulnerabilities could allow various malicious actors to exploit any system that has remained unpatched.

“In today’s threat landscape, an automated patch management process is crucial when it comes to accelerating the response to vulnerabilities. Often, security flaws are exploited before an organisation has the time to react.

“Heimdal is willing to assist any company coping with the consequences of a bad Microsoft Exchange Server incident in setting up an automatic patching process to avoid a similar scenario in the future.”

Heimdal yesterday announced an emergency intervention to fix flaws associated with the Microsoft Exchange Server Exploit following the news that tens of thousands of institutions and organizations have been affected by the four Microsoft Exchange Server vulnerabilities revealed last week.




See previous articles

    

See next articles