Topic: Plus member bonus – Exchange security issue @ AskWoody

Plus member bonus – Exchange security issue

Posted on Susan Bradley Comment on the AskWoody Lounge
Home › Forums › AskWoody blog › Plus member bonus – Exchange security issue

Tagged: Patch Lady Posts
- This topic has 9 replies, 3 voices, and was last updated 1 month ago.
Viewing 3 reply threads
- Author
  
  Posts
- - March 6, 2021 at 10:59 pm #2348413
    
    Susan Bradley
    Manager
    
    For those of you that are small businesses, I have uploaded to the Master Patch list page some special links, resources and a Plus member only video
    [See the full post at: Plus member bonus – Exchange security issue]
    
    Susan Bradley Patch Lady
    
    Reply | Quote
  - March 7, 2021 at 2:49 pm #2348557
    
    anonymous
    Guest
    
    With a problem as large as this you restrict this vital information to the Pro members area ONLY?
    
    Reply | Quote
    - March 7, 2021 at 9:20 pm #2348604
      
      Susan Bradley
      Manager
      
      It relates to business mail users not home or consumer users. Since it doesn’t apply to most of the membership, it’s a bonus to the Plus members that are business owners/consultants.
      
      Susan Bradley Patch Lady
      
      Reply | Quote
  - March 9, 2021 at 5:49 am #2349045
    
    JohnFDoe
    AskWoody Plus
    
    MAJOR Problem: The patch list apparently tells businesses to install the infected Exchange patches!
    
    Those should be updated to be marked “DO NOT INSTALL, INFECTED!!”
    
    Those kinds of patch rejections is why most of us pay for access to the patch lists (and also why we generally defer Microsoft updates for longer than officially recommended).
    
    Also, the fact that someone was able to infiltrate the update system itself at Microsoft raises major questions as to the level of trust that should be placed in Microsoft updates.
    
    Reply | Quote
    - March 9, 2021 at 7:07 am #2349055
      
      JohnFDoe
      AskWoody Plus
      
      Update: Some news media reported that it was the Exchange patches themselves that had been compromised, not that the exchange servers were getting attacked with 0-days.
      
      Reply | Quote
      
      March 13, 2021 at 12:16 pm #2350145
      
      Susan Bradley
      Manager
      
      No, what they were referring to was that during the patch testing process they share “indicators of compromise” and information with antivirus vendors and other patch testers. It’s possible that one of THEM had been hacked and thus the information got leaked out because someone hacked their inbox/credentials.
      
      Susan Bradley Patch Lady
      
      Reply | Quote
    - March 10, 2021 at 2:10 am #2349294
      
      Paul T
      AskWoody MVP
      
      Where have you seen evidence that the patches were infected?
      Speculation isn’t enough for such an important issue.
      
      cheers, Paul
      
      Reply | Quote
      
      March 13, 2021 at 12:17 pm #2350146
      
      Susan Bradley
      Manager
      
      Yea, patches were not infected.
      
      Susan Bradley Patch Lady
      
      Reply | Quote
    - March 13, 2021 at 12:20 pm #2350147
      
      Susan Bradley
      Manager
      
      With my deepest respect but these Exchange updates were not infected. No Microsoft updates systems were infiltrated. I would recommend that you review this article: https://www.wsj.com/articles/microsoft-probing-whether-leak-played-role-in-suspected-chinese-hack-11615575793?mod=djemalertNEWS
      
      Susan Bradley Patch Lady
      
      Reply | Quote
  - March 13, 2021 at 12:15 pm #2350144
    
    Susan Bradley
    Manager
    
    https://us-cert.cisa.gov/ncas/current-activity/2021/03/13/updates-microsoft-exchange-server-vulnerabilities
    
    More resources there
    
    Susan Bradley Patch Lady
    
    Reply | Quote
- Author
  
  Posts
Viewing 3 reply threads

Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

Reply To: Plus member bonus – Exchange security issue
You can use BBCodes to format your content.
Your account can't use Advanced BBCodes, they will be stripped before saving.

Cancel

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.