One of SensCy’s missions is to bring awareness to small and medium-sized organizations about the ever-evolving cyber threat landscape. One of cybersecurity’s main issues is managing patching for critical systems and operating systems.
Unpatched vulnerabilities, including zero-day vulnerabilities, are a popular entry point for bad actors and hackers to breach your network, steal confidential information, install malicious software, and conduct ransomware attacks. According to BusinessWire, 2021 saw a 29% increase in Common Vulnerabilities and Exposures (CVE) associated with ransomware compared to the previous year.
SensCy has been monitoring two major vulnerabilities that could significantly impact SMOs in the coming weeks. The first one is a vulnerability in Microsoft Exchange servers, tracked as CVE-2022-41082, which could allow hackers to escalate privileges and gain arbitrary or remote code execution on compromised servers. Unfortunately, based on research using Shodan and GreyNoise, over 60,000 Microsoft Exchange servers are still unpatched and vulnerable even after Microsoft released a patch in November 2022.
It is essential to know that Exchange servers are highly valuable targets. Hackers are investing time and money into building specific tools that target only Exchange servers, as the FIN7 group did when it developed a tool, “Checkmarks,” to breach Exchange servers. The tool has already infiltrated 8,147 companies, primarily located in the U.S.
In addition to the Exchange vulnerabilities, SensCy is also monitoring two vulnerabilities in the Citrix ADC and Gateway with available updates released by the vendors in recent months. The first vulnerability (CVE-2022-27510) could be exploited by a hacker to gain unauthorized access to the device, perform a remote desktop takeover, or bypass the login brute force protection. The second vulnerability (CVE-2022-27518) allows unauthenticated hackers to perform remote command execution on vulnerable devices and take control of them. According to researchers at Fox IT, while most public-facing Citrix endpoints have been patched with the latest version, thousands remain unpatched and vulnerable.
The SensCy team recommends that IT monitor available updates and ensure that security updates are installed on time. SensCy recommends that security updates be installed within 24-48 hours.
SensCy also recommends enabling automatic updates for the majority of your software and systems. Keeping your systems up to date is critical and will help protect you against the latest threats.
Please follow the links for more information on Microsoft Exchange and Citrix updates.
If you need additional support, please get in touch with SensCy.