This month has been particularly problematic for IT admins who have been rushed into applying patches to on-premises Exchange Server instances following attacks from state-sponsored and other criminal groups. However, it now appears that the situation is improving, as Microsoft has announced that 92% of vulnerable Exchange IPs have now been patched or mitigated.
This piece of news comes from the official Microsoft Security Response Center (MSRC) Twitter account, which noted that it has observed "strong momentum" with respect to how quickly Exchange Server instances are being patched:
Our work continues, but we are seeing strong momentum for on-premises Exchange Server updates:— Security Response (@msftsecresponse) March 22, 2021
• 92% of worldwide Exchange IPs are now patched or mitigated.
• 43% improvement worldwide in the last week. pic.twitter.com/YhgpnMdlOX
As can be seen in the graphic above, almost 30,000 instances have not been patched yet, which translates to roughly 8% among the universe of 400,000 instances that Microsoft has been observing since March 1, based on telemetry data from RiskIQ.
Apart from effort from IT admins, the significant decrease can be attributed to the multiple advisories that Microsoft has published in the past couple of weeks, as well as one-click tools and automatic mitigation capabilities it introduced to Microsoft Defender. The firm also released out-of-band updates to on-premises Exchange Server instances that are not supported anymore. It remains to be seen how long it will take for the remaining instances to be patched, but Microsoft will likely be banking on the ongoing momentum to continue for the next few weeks in order for that to happen.