As you may know, Patch Tuesday is the second Tuesday of the month (which happens to be September 8th on this month), literally the earliest it can happen. So today – the 14th of September, we had a little bit of time to evaluate the massive numbers of software pieces that need to be upgraded.
Thus https://portal.msrc.microsoft.com/en-us/security-guidance has a list and make sure to click on severity and impact to show the Critical/remote code execution (the highest impact)
If you search for exchange server – the 2016 and 2019 versions have 4 patches tied to CVE-2020-16875
At the bottom of the page one can see the sheer massive numbers of patches:
Yes, that is right almost 2900 patches. What does that really mean? Most likely as you guess, almost all operating systems need a patch, but that is not enough as that would not account for so many patches. How about Sharepoint? Or Exchange server? Office software, and then there are the different versions of the same patch… like for ARM chips, x64(Intel), 32bit . Thus there _is_ a lot to unpack.
Obviously remote code execution can grow into a wormable event if it is bad enough. This means that unless you patch your system if the computer is on the Internet (which all exchange servers usually are) then it will get hacked if attacked with the right attack software.
When reviewing a massive amount of information it is good to check yourself, search on the Internet and find another site to discuss this: https://www.zdnet.com/article/microsoft-september-2020-patch-tuesday-fixes-129-vulnerabilities/
One of the first things I noticed was the Active Directory patches:
If you know Active Directory, it is the software that Microsoft has that runs the network operating systems. Thus if one thinks about potential problems in Active Directory that could hamper the “network operating system” this would be very bad.
Patch your systems, start planning – even if it takes a few weeks.
Remember to make back ups, test the upgrade before putting it on important machines.
I.e. tackling and blocking – the basics are what is important:
- patching- upgrading
Contact Us if you want help with testing or policies