See how leaders and teams like yours are capturing up to 300% ROI. Explore the data now!

Unpatched Vulnerabilities Continue to be a Major Issue – How Can We Fix Them?

April 13, 2021

We can all agree there is room for improvement in patching your systems.

Let me make the case. On March 11th Microsoft acknowledged the existence of a vulnerability within Exchange.

Login VSI - Blog - Patching is Critical with JetPatch - Microsoft Twitter Posts - Image

For those who are not administrating or fixing these things, Exchange is a widely adopted mail server technology. If you are utilizing Outlook right now, the chances are that you are connected to Exchange.

Login VSI - Blog - Patching is Critical with JetPatch - Connected to Microsoft Exchange - Image

This is important. As of March 13th, Security experts at Palo Alto Networks estimated that at least 20,000 US-based Exchange servers remain unpatched and vulnerable to exploitation, and as many as 80,000 worldwide.

How can that be possible if Microsoft released a patch the same day? Aren’t these organizations taking a chance that they are not the next news headline?

You are right, but patching is complex. Most large organizations are not patching their Exchange server and stopping for the day. There is a vetting and testing process that needs to be completed for EACH application. You need to understand the impact of the security fix first. What will happen to your user experience? Will my users be able to send and receive emails and at the rate they are used to? I use Exchange as an example, but this applies to any applications that your organization may rely on for revenue.

Officials at the White House would agree. As attacks leveraging the vulnerabilities have escalated, the window for updating exposed servers is incredibly short — “measured in hours, not days,” a senior administration official told reporters.

To make matters worse – the pace of change in our IT environments is accelerating. In this last year alone, Microsoft updated Windows 10 more than 1,280 times. At the current trajectory of change, we could expect Microsoft to bring out 60,000 changes by 2030! Now is the time to start embracing this faster pace of change.

threatpost.com/microsoft-patch-tuesday-holidays/162041/

  • 2019: 840 patches, many of which were “critical.”
  • 2020: 1,250 patches, with a Dec-20 run-rate of 90+ releases/month

So, what can we do about the fact that, on average, it takes organizations 70 days (about 2 and a half months) to roll out patches? edgescan WITHOUT adding additional headcount. We need to automate every bit possible. We need to create a crucial point of visibility into the process. We need to have metrics that are easily distilled down. We also need a repeatable testing process.

Are you looking for a way to remediate vulnerabilities within your environment faster? We can assist with that. If you would like to schedule a demonstration of the combined products, please email us or request a trial license.

This blog was co-authored by Todd Kirkland, Chief Operating Officer at JetPatch.

PartnerPatching

Related Resources

Improve Security with Vault Integration
BlogMarch 5, 2024

Improve Security with Vault Integration

Measuring Security Agent Impact on Desktop Images
BlogFebruary 26, 2024

Measuring Security Agent Impact on Desktop Images

Top Ways to Enhance Microsoft Teams Performance
BlogFebruary 21, 2024

Top Ways to Enhance Microsoft Teams Performance

Ready to see how you can transform with Login VSI?