The Case of the (Missing) Unpatched Environment: Microsoft Exchange Server Vulnerability

How Corvus addressed the risk and ended up with a safer policyholder.


  • A national retail franchise sought cyber coverage from Corvus after an exorbitant renewal premium quoted by their current carrier 
  • The Corvus Scan found servers on the applicant’s system that had not been patched against the Microsoft Exchange Server vulnerability, despite the applicant and their managed service provider (MSP) expressing confidence that the system had been patched
  • The Corvus team dug into the results and located the specific issue, uncovering a chain of miscommunication between the MSP and client that had led to the gap in security
  • With the system patched, Corvus was able to produce a competitive quote and bound the account

For a deeper look into the steps we took to work with the applicant and reduce their risk, you can read the full case study here.