GreenPages Blog

As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!

All Posts

Patch Tuesday March 2021 Edition...Exchange Exploits Escalate

By Randy Becker, CISO & VP, Network and Security Consulting

As if the SolarWinds fiasco and the massive global on-premises Exchange Servers attack weren’t bad enough, here comes Microsoft Patch Tuesday for March 2021.

Microsoft Patch Tuesday announces 82 vulnerabilities, with 10 plus classified as critical, 1 zero-day exploit, and 72 as important. These have all be fixed in this month’s update courtesy of Microsoft. Of special note, these numbers do not include the 7 Microsoft Exchange and 33 Chromium Edge vulnerabilities already released.  

If you have an on-premises Exchange Server, you must apply the updates from Microsoft immediately. You can find the installation instructions here. The Exchange Server team has also created a script to run a check for HAFNIUM IOCs. That script is available here.

Estimates of 30,000+ victims in the U.S. alone

While the Microsoft Security Response Center (MSRC) website has a thorough update guide on the 82 new vulnerabilities, the bigger problem right now is the alarming number of Microsoft on-premises Exchange Servers being compromised with these “Web Shell” scripts that, once installed, provide a backdoor that gives threat actors full access to the impacted systems, remote control, the ability to read email, and the ability to move latterly within an environment with the potential to exploit other systems. There are estimates that this might exceed 30,000 victims in the U.S. and potentially hundreds of thousands worldwide.

What can you do right now to protect your organization?

  • Ensure you have immutable backups of all systems; that way if the worst happens you have a method of recovering.
  • If you have an on-premises Microsoft Exchange Server, regardless of whether it’s exposed to the Internet, patch it!
  • After you are done patching, ensure that you validate that the server is patched with the Microsoft Tools.
  • Assume that if your Exchange Server was connected to the Internet it was compromised; “Assume the Breach.”
  • Run the Test-ProxyLogon.ps1 to see if the server was compromised and has Web Shells or other malicious code installed.
  • If the server was compromised, you should treat this as an Incident Response (IR) play and start your IR plan.
  • If you do not have an IR plan you should create one and test it with a tabletop exercise.

So, what comes next? This is a very good question.

While we can only speculate, here are some thoughts based on previous experience. Security consulting organizations such as GreenPages have notified and assisted customers with getting Exchange Servers patched and determining if any systems have been compromised. I do, however, expect more ransomware, cyberespionage, and data exfiltration events to occur similar to what we have seen over the last year.

Simply put, the drumbeat is constant and the threats are real and dangerous; this is no time to be complacent. As we continue to field calls from organizations looking for assistance, it’s clear that even the smartest security teams need help to remain vigilant.

If you would like strategic direction to strengthen your security stance, reach out to your GreenPages Account Executive who can connect you with a Security Engineer or reach out to us!

Randy Becker 2

Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation.


Related Posts

CIO Fireside Chat Recap: Cloud & FinOps

By Mario Brum, VP of Practice Area and Technical Advisory Services Mario hosted the second in GreenPages' ongoing series of CIO Fireside Chats discussing how an industry-leading retail technology company partnered with GreenPages to use FinOps for optimizing the company's cloud costs. 

Preparing Your Business for the End of Windows Server 2012 Support

By Josh Morganthall, GreenPages Senior Solutions Architect for Microsoft Cloud In this blog post, Josh outlines the steps that CIOs need to take to prepare for Windows Server 2012 reaching its end of support on October 10, 2023 to ensure their IT operations remain secure, productive, and running without interruption.

Replace Your Business Phone System with Microsoft Teams

Microsoft Teams Phone System is a powerful tool that can help businesses streamline their communication and improve productivity. In this blog post, GreenPages’ Director of Carrier Services Kurt Karshick outlines the various options for moving to a Microsoft Teams Phone System and why it's a smart choice for businesses of all sizes.