In the past few weeks, you may have read news of Microsoft Exchange servers being hacked by state-sponsored actors. It has come to light that four previously unidentified vulnerabilities had been identified and were being exploited by hackers in widespread attacks. What does this mean for businesses and personal users?
To understand the impact, we need to be aware of the different types of Microsoft products. For the purposes of this discussion there are three main groupings. The first grouping is the one-off licence purchase products such as Office 2016 and Office 2019. These users make an upfront purchase and have a perpetual licence supported by Microsoft for a finite period. The second grouping in Microsoft 365 products such as Business Basic and Business Premium, a subscription-based category where users pay a monthly fee to access the latest features of the software contained within their licence. The third grouping is Microsoft Exchange Server, an email and calendar system which runs on Microsoft Server operating systems.
Microsoft Office and Microsoft 365 products are primarily used by both personal users and small to medium-sized businesses owing to their easy set up and low relative cost as no servers are needed. In contrast, Microsoft Exchange Server is most used by large corporations and government, as the higher costs are offset by the ability to build more complex environments with greater flexibility to better support their business needs.
The Microsoft Exchange Server attack affects only those businesses and departments who use Microsoft Exchange Server, so most personal and small-to-medium business users are unaffected at this time. There has been some confusion over this because there are similarities between the two offerings as Microsoft 365 includes Exchange Online, but Microsoft 365 has not been affected by this attack.
The attack serves as a timely reminder for the need for to regularly monitor applications and operating systems, and update patches on a regular basis. If you would like assistance with monitoring your systems and managing your patches, please contact us today.