NetStandard’s Security Minute Series
The biggest news of the week: Microsoft announced emergency out-of-band patches for Exchange Server to fix 4 actively exploited 0-day vulnerabilities. There are many, many reports of hundreds of servers being compromised – basically every security vendor is finding this among its clients. If you run on-premises Exchange Server, or know anyone who does, patch immediately: New nation-state cyberattacks – Microsoft On the Issues
- This article includes more technical details, and how to see if you were attacked: HAFNIUM targeting Exchange Servers with 0-day exploits – Microsoft Security
- The federal government is requiring that all federal agencies apply the patches, investigate whether the agency was attacked, and provide a report to CISA by noon Friday 3/5. When even the federal government moves quickly, you know it’s serious! cyber.dhs.gov – Emergency Directive 21-02
- Note: Office 365 and Exchange Online are not affected.
Cyber insurance premiums are on the rise. With the number of attacks out there, this is not a surprise. The State of New York just released a new cyber insurance risk framework, which encourages insurers to offer discounts to companies with good security in place. Yet another reason to make sure your security is up to date!
The big news last September was the Ryuk ransomware attack against Universal Health Services, a hospital chain of 400 facilities and 90,000 employees. UHS announced that it took them a month to restore services, and that the attack cost them $67 million: Universal Health Services lost $67 million due to Ryuk ransomware attack (bleepingcomputer.com)
Microsoft announced Windows Server 2022, which includes Secured-core for the first time on Server. Secured-core has existed on PCs since 2019, and helps protect against malicious firmware attacks: Microsoft brings advanced hardware security to Server and Edge with Secured-core – Microsoft Security
Microsoft also announced that Azure Active Directory support for passwordless authentication is now generally available. Instead of a password, you can use Windows Hello, Microsoft Authenticator, or keys such as a YubiKey: Identity at Microsoft Ignite: Strengthening Zero Trust defenses in the era of hybrid work – Microsoft Security
The full list of news and announcements from Microsoft Ignite 2021 is available here: Microsoft Ignite 2021 Book of News
On another note…
- Microsoft is forcing the rollout of Windows 10 version 20H2 to computers running version 1909 or earlier. Install it yourself on your own schedule, or you might find that Microsoft decides to install it on theirs (usually at the worst possible time!): Microsoft starts force installing Windows 10 20H2 on more devices (bleepingcomputer.com)
- A very handy list of Microsoft products that are ending support in 2021 can be found here: Products Ending Support for 2021 – Microsoft Lifecycle | Microsoft Docs