Problem: Exchange Server Zero-Day Vulnerabilities
Microsoft recently announced four zero-day vulnerabilities in their Exchange Server that are currently being exploited by a group called “Hafnium”.
Per Microsoft, these vulnerabilities allow “the threat actor… to access on-premise Exchange Servers, which enabled access to email accounts and allowed the installation of additional malware to facilitate long-term access to victim environments.” This is a prime example of persistent threats that MSPs must protect their customers from.
Solution: Using Liongard to Quickly Identify Vulnerable Endpoints
Luckily, Microsoft has already released emergency security patches for these four vulnerabilities and recommends updating systems immediately.
If you’re an MSP, rolling out emergency updates can be a nail-biting process, especially when you manage a large volume of customers and endpoints. Keeping track of everything and verifying that these patches have been completed can be a daunting task at best.
How do you quickly confirm that all of your customers’ Exchange Servers have been patched without checking them individually? Use Liongard. Current Liongard partners have three ways to quickly check the status of these patches:
Option #1: Run a Report (detailed instructions here)
- Click on “Reports” at the top of the page
- Click “Create Report” > “One-Time Report” > Name your report
- Name your table > Select the “Windows” Inspector > Make sure “All Systems” is selected
- Select “Windows Server: Running Microsoft Exchange” and “Windows Server: Patch List” from the list
- Click “Continue” at the top right > Select whether you want all environments in one report or separate environments for each report > Click “Finish”
- Download the report as an Excel, share it with your team via email or a link, or view it in Liongard
Option #2: Review Exchange Servers Across All of Your Customers Within Liongard
- Select desired customer environment
- Select Endpoints on left hand navigation pane
- Select “Metrics” on the far right of the table
- Check the box for “Windows Server: Running Microsoft Exchange” and “Windows Server: Patch List” and then click “Save” at the bottom
- You will see these metrics for each Windows Server
- Want to see this for different customer environments? Scroll all the way to the top of the page and click the dropdown at the top to search for another environment.
Option #3: Leverage Reporting Integrations
You can also sync these metrics to third party reporting like BrightGauge or Power BI to identify which customers’ Exchange Servers have been patched and which haven’t.
What About New Exchange Servers or New Customers?
Once you’ve confirmed current customers are protected with the latest security patch, it’s time to turn to preventing this vulnerability from coming up again in the future for new Exchange Servers you add and new managed customers. Use Liongard to create a custom Actionable Alert to identify when your customers have Exchange Servers that aren’t protected against this vulnerability. Create this alert by following these instructions.
Not A Current Liongard Partner?
You’re missing out on a better way to secure your customers. With Liongard, you can gain visibility into all of your customers and their systems going back 18 months, leverage change detection to identify when system-related information is altered (like user permissions) and automatically receive tickets based on Liongard’s security alerts via our ticketing integration when something needs your attention. If you’re not using Liongard to secure your customers’ systems, sign up for a demo and see how Liongard can improve security today.