2 min

Microsoft estimates that 92 percent of vulnerable Exchange servers have now received a patch. This suggests that the vast majority of IT administrators are taking the problems seriously.

The data comes from a tweet by Microsoft Security Response. In this tweet, the company says that 92 percent of the IP-addresses with Exchange have received a patch to close the vulnerabilities. This is an improvement of 43 percent compared to the week before.

Still, it’s a cause for concern that 8 percent of the Exchange servers haven’t received a patch for the vulnerabilities. Microsoft has released an update on the 2nd of March to close the vulnerabilities and has been doing everything to help administrators to close the leaks.

Patching is easy

Administrators basically only need to install the update to protect themselves. If for some reason that is not possible right away, Microsoft has also made a tool available that fixes the most important vulnerability at the touch of a button and scans the system for vulnerabilities. The features of this tool are now also built into Defender, which theoretically fixes the problem automatically.

F-Secure had a more pessimistic estimate

Microsoft’s figures do not correspond with the figures that cybersecurity company F-Secure recently published. That company suggested that only about half of all servers that are visible from the Internet have been patched. It is not clear what causes this difference. Presumably, as the developer of both Exchange Server and the patches that should solve the vulnerabilities, Microsoft has a more complete view of the situation.

Risk of ransomware and data theft

Users who have not yet applied the patches are at considerable risk. Malicious parties are actively scouring the Internet for the remaining unpatched Exchange servers. They can now easily penetrate these and infect them with their own malware. In practice, this generally amounts to ransomware attacks. Theft of sensitive data is also an outome. For servers that have not yet been patched, it is no longer a question of whether they will be attacked but when.

Tip: Microsoft Exchange Server hacked, what are the consequences?