On the 4th of March, Microsoft announced a zero-day vulnerability affecting Microsoft Exchange Server. This created the opportunity for unauthorised access to email accounts, to exfiltrate data, move laterally in exposed environments and install additional accesses and malware for long-term access to compromised environments.
Whilst the majority of our clients utilise Microsoft Exchange Online for their email (which was not affected), those that are on Microsoft Exchange Server were quickly protected at no extra cost thanks to our proactive automated monitoring and patching system which downloaded and prepared the update ready for installation. Our team decided to manually intervene at this point to patch each server due to the severity of the vulnerability. The entire process was completed nearly two weeks ago, within a small time window, out of hours, to minimise disruption to our clients. Our managed services tool set allowed our team to focus on the task in hand and not have to patch our clients servers before the update was deployed.
Dan Brown, our Service Delivery Manager said:
Our automated monitoring & patching service is the understated jewel in Resolution IT's crown. It has always been important that our clients have the latest threat protection at the earliest opportunity and not have to pay extra or go through an approval process when time is of the essence. Thanks to this process, I'm glad to say that there was zero fallout for any of our clients.
We've installed almost 9,000 patches across our client-based in the past 60 days alone, all included under our flagship Platinum Managed Services offering with no extra cost to our clients.
So why didn't we tell you?
Because as a managed IT service provider, this is included in contracts with us. For us, it was business as normal as we got on with what needed to be done. For you, it should also be business as normal, allowing you to carry on, safe in the knowledge we are looking after your IT estate, with no extra costs or worry.
*zero day vulnerability – a security flaw the developer is unaware of