Guernsey IT company supports clients following Microsoft Exchange vulnerability issues

Next Generation IT (NGIT), the Guernsey based pan-Island IT services company, worked through the night recently to protect local businesses following issues identified by Microsoft with its Exchange Server platform.

Last week, the US software giant admitted there were ‘zero-day vulnerabilities’ – severe weaknesses – in its Exchange Server that are being actively targeted by cyber attackers. The NGIT technical team worked 24/7 to update all of its local Microsoft-driven client systems within a few hours of the patch release to ensure they are remain secure and protected in NGIT’s privately run cloud.

What is a ‘zero day vulnerability’? It is a computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability (typically the software vendor). Until the vulnerability is mitigated, hackers can exploit it to adversely. The term ‘zero-day’ originally referred to the number of days since a new piece of software was released to the public, so ‘zero-day’ software was software that had been obtained by hacking into a developer’s computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them. Once the vendor learns of the vulnerability, they will usually create patches or advise workarounds to mitigate it. The more recently that the vendor has become aware of the vulnerability, the more likely it is that no fix or mitigation has been developed. Zero-day attacks are a severe security threat.

Jason Connolly, Director at NGIT explained: “The news that there were significant compromises in the Exchange email system meant all hands to the pump as speed is key to ensure important data stays protected.

“Microsoft Exchange Server is an email inbox, calendar, scheduling and collaboration platform used by many businesses across the Islands. I am pleased that the swift actions taken by our technical engineers and consultants in implementing patches and working with clients has meant none experienced any issues.”

The Microsoft released patches are designed to tackle four severe vulnerabilities identified. These included server-side forgery, unsafe data deserialisation inside the unified messaging service and the ability of an authorised Exchange user to overwrite any existing file inside the system with their own data.

Also read this article for further technical information.