The Microsoft Exchange Server case.
How ITAM processes for monitoring EOL software help reduce exposure to security vulnerabilities.
The term EOL (End of Life) refers to software versions whose vendor support has ended, or is scheduled to end, after which security updates are no longer provided.
Visibility into EOL software, that is software whose support has been terminated, should not be overlooked: running it on corporate networks leaves known, publicly documented vulnerabilities permanently unpatched and increases the risk to an organization's data.
There are many reasons why companies fail to gain control over EOL software: independent purchases made by individual departments, resulting in fragmented information; outdated asset lifecycle documentation; and the difficulty of tracking vendor announcements in order to plan migrations or upgrades at scale.
But the security impact is there for all to see: take Microsoft Exchange Server 2007, 2010 and 2013 as an example. According to a ShadowServer scan, nearly 20,000 Microsoft Exchange e-mail servers in Europe, the U.S. and Asia are exposed on the Internet and vulnerable to remote code execution flaws.
These mail systems run a version of the software that is no longer supported, as Microsoft's lifecycle pages show for versions 2007, 2010 and, most recently, 2013, whose support ended on April 11th, 2023; for all of them Microsoft strongly recommends migrating to Microsoft 365, Office 365 or Exchange 2019.
Exchange falls under Microsoft's Fixed Lifecycle Policy, which covers products that already have an end-of-support date at the time of release. Typically a minimum of five years of Mainstream Support is defined, followed by a further period of Extended Support. During Mainstream Support customers receive Service Packs (fixes collected into "packages") together with security and non-security updates; during Extended Support, as a rule, only security updates and guidance to remediate vulnerabilities are provided.
Beyond these dates, Microsoft does NOT guarantee any further security updates. For Exchange 2007, Extended Support ended on April 11th, 2017; for Exchange 2010 on October 13th, 2020; and for Exchange 2013 on April 11th, 2023. The out-of-band security updates Microsoft issued for Exchange 2010 in March 2021, months after its support had ended, were an exception made for actively exploited flaws, not something an organization can plan on.
As noted by Bleeping Computer, servers running unsupported versions of Exchange are vulnerable to ProxyLogon, a critical pre-authentication server-side request forgery flaw tracked as CVE-2021-26855 which, chained with the less severe post-authentication arbitrary file write CVE-2021-27065, yields remote code execution.
For instances that have reached end of support, the only real remedy is to upgrade to a version that still receives security updates, or to migrate to Exchange Online. Taking the server off the public Internet in the meantime reduces the exposure but does not remove the vulnerability.
Setting up SAM processes (we have also discussed this here) provides high-quality reports on actual software usage in near real time, and among the data they share we also find end-of-support dates.
At WEGG we rely on Snow technology, whose software recognition database integrates the vulnerability data provided by the National Vulnerability Database: in our client companies we promote the monitoring of software running on corporate networks so that useful data is available to security teams.
Below is a detailed screenshot for the Exchange 2007 product, whose end-of-support information is taken directly from vendor-provided announcements:
The EOL software reports prepared by our ITAM consultants with the support of Snow technology make it easier to understand how many devices are running software whose support has ended and where those assets are located.
These reports, available after a metering period, include information such as:
Knowing which versions are no longer supported gives you control over the vulnerabilities that may affect your installed base: in the screenshot below, taken from an analysis done for one of our customers, you can see which installed Exchange versions are still supported (2016 and 2019) and which one a migration should be planned for as soon as possible (2010).
The analysis is not only retrospective: up-to-date EOL software reports also let you plan future migrations. You can trigger alerts on IT assets that reach the end of their lifecycle within the next 12 months and stay one step ahead of versions going out of support.
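The report logic described above (which installed versions are already out of support, which reach end of support within the 12-month planning window, and how many devices at which site are affected) can be demonstrated in a few lines. The following is an added example written for this page; it is not WEGG's or Snow's code. The Exchange end-of-Extended-Support dates are the ones Microsoft publishes on its lifecycle pages; the inventory (hostnames, sites, the 7-Zip entry) is constructed sample input in the shape a metering export would provide. A product with no lifecycle date in the table, as is typical for free tools such as 7-Zip, is reported as "unknown" for manual review rather than being silently counted as supported.

```python
"""EOL exposure report: classify installed software against vendor end-of-support dates."""
from datetime import date, timedelta

# Assumption: end of Extended Support dates as published on Microsoft's lifecycle pages.
# Any product missing here is reported as "unknown", never silently treated as supported.
EOL_DATES = {
    "Microsoft Exchange Server 2007": date(2017, 4, 11),
    "Microsoft Exchange Server 2010": date(2020, 10, 13),
    "Microsoft Exchange Server 2013": date(2023, 4, 11),
    "Microsoft Exchange Server 2016": date(2025, 10, 14),
    "Microsoft Exchange Server 2019": date(2025, 10, 14),
}

# Constructed sample inventory, in the shape a metering/discovery export would give:
# (hostname, recognized product, site). Hostnames and sites are made up.
INVENTORY = [
    ("mx01.hq.example", "Microsoft Exchange Server 2010", "Padua"),
    ("mx02.hq.example", "Microsoft Exchange Server 2016", "Padua"),
    ("mx03.branch.example", "Microsoft Exchange Server 2019", "Milan"),
    ("mx04.legacy.example", "Microsoft Exchange Server 2007", "Rome"),
    ("mx05.branch.example", "Microsoft Exchange Server 2013", "Milan"),
    ("ws17.branch.example", "7-Zip 9.20", "Milan"),  # no published lifecycle date
]

UNSUPPORTED, ENDING_SOON, SUPPORTED, UNKNOWN = "unsupported", "ending-soon", "supported", "unknown"


def _as_date(d):
    """Accept either a date or an ISO 'YYYY-MM-DD' string for the reporting date."""
    return d if isinstance(d, date) else date.fromisoformat(d)


def classify(product, as_of, horizon_days=365):
    """Support status of one product on the date `as_of`.

    'ending-soon' means still supported, but the end date falls inside the
    `horizon_days` window (12 months by default), which is the early-warning
    window used to plan migrations before support actually ends.
    """
    as_of = _as_date(as_of)
    eol = EOL_DATES.get(product)
    if eol is None:
        return UNKNOWN
    if eol <= as_of:
        return UNSUPPORTED
    if eol <= as_of + timedelta(days=horizon_days):
        return ENDING_SOON
    return SUPPORTED


def eol_report(inventory, as_of, horizon_days=365):
    """Per-asset rows plus a (product, status) -> device count summary."""
    rows = []
    summary = {}
    for host, product, site in inventory:
        status = classify(product, as_of, horizon_days)
        rows.append({"host": host, "product": product, "site": site,
                     "status": status, "eol": EOL_DATES.get(product)})
        summary[(product, status)] = summary.get((product, status), 0) + 1
    return rows, summary


def hosts_by_status(rows, status):
    """Sorted (host, site) pairs for one status, e.g. the list handed to the migration team."""
    return sorted((r["host"], r["site"]) for r in rows if r["status"] == status)


if __name__ == "__main__":
    # Two reporting dates: one just after Exchange 2013 went out of support, and one
    # inside the 12-month window before Exchange 2016/2019 reach end of support.
    for as_of in ("2023-06-01", "2025-01-15"):
        rows, summary = eol_report(INVENTORY, as_of)
        print(f"--- EOL report as of {as_of} ---")
        for (product, status), n in sorted(summary.items()):
            print(f"{n:3d}  {status:12s} {product}")
        print("unsupported now:", hosts_by_status(rows, UNSUPPORTED))
        print("ending within 12 months:", hosts_by_status(rows, ENDING_SOON))
        print("no lifecycle data:", hosts_by_status(rows, UNKNOWN))
```

Run with a reporting date of 2023-06-01 the three Exchange 2007/2010/2013 hosts come out as unsupported and 2016/2019 as supported; run with 2025-01-15 the 2016 and 2019 hosts move to "ending-soon", which is exactly the alert the 12-month window is meant to raise. In a real deployment the `EOL_DATES` table is what the recognition database supplies, and the inventory comes from the metering agent; the classification rule stays the same.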
Out-of-support software in your environment exposes the enterprise to a permanent, known vulnerability. What companies often overlook is that the problem is not limited to products that require a paid license (see the Exchange case) but extends to free products as well: the following report, for example, shows one of them, 7-Zip.
WEGG's reporting on Snow technology thus becomes a key tool for helping Security and Operations teams set up continuous risk-mitigation processes.
OUR OFFICES
PADUA
Via Arnaldo Fusinato 42, 35137
MILAN
Viale Enrico Forlanini 23, 20134
ROME
Viale Giorgio Ribotta 11, 00144
Copyright © 2022 WEGG S.r.l. • P.I 03447430285 • C.F. 02371140233 • REA 311023
Certified company ISO 9001:2015