Microsoft Exchange Introduces New Security Tool to Address New Vulnerabilities
The latest update for Microsoft Exchange that was rolled out in September included a new feature for servers that are stored on-premise. After the rollout of the new security feature, servers can mitigate vulnerabilities under an automated process.
Microsoft Exchange is an email server that runs on Windows Server operating systems and is the driving force behind several Microsoft Outlook properties. Microsoft Exchange is an email-based communications server that businesses and organizations use every day. With Microsoft Exchange, users have secure access to their sensitive and confidential data. Users that have access to devices that have a reliable internet connection, users will have access to their Microsoft Exchange account.
Microsoft Exchange administrators have not had much fun in 2021 with several vulnerabilities affecting Exchange servers. The series of vulnerabilities led to the introduction of more updates and patching or the manual of mitigations that would serve as a better defense. With bad actors needing only a few minutes to scan for vulnerabilities, Exchange server administrators continue to find it challenging to remain aware of the vulnerabilities and effectively apply mitigations or patches.
How Will Exchange Server Administrators Stay Alert?
In September, Microsoft announced that it would launch an Exchange Server Emergency Mitigation tool. This tool will address the need to ensure on-premises Microsoft Exchange servers are protected against the latest vulnerabilities on the Microsoft Exchange servers. The goal behind the new feature is to ensure Exchange servers are protected against the latest vulnerabilities and threats. This move by Microsoft seeks to help businesses and organizations that do not have internal Exchange administrators or an IT security team to handle daily threats.
The Microsoft Exchange Emergency Mitigation tool offers an alternative to the previous manual solutions. Emergency Mitigation was a part of the September CU for Microsoft Exchange. How does EM work? Once every hour, the Emergency Mitigation tool will check the OCS (Office Config Service) to determine if there are any available mitigations. If there are mitigations, the mitigations will be installed accordingly. However, these mitigations are not intended to be a replacement for security patches. According to Microsoft:
This new service is not a replacement for installing Exchange Server Security Updates (SUs), but it is the fastest and easiest way to mitigate the highest risks to Internet-connected, on-premises Exchange servers prior to installing applicable SUs.
What Are the Key Components of Emergency Mitigation?
The Emergency Mitigation tool can be installed on top of Windows operating systems as another service component. Emergency Mitigation will run as another Windows service on on-premises Exchange servers. Exchange administrators can manage the Emergency Mitigation service just like the other Windows services that are on the operating system. Exchange administrators can disable the service or enable it for automatic startup.
Before the security update containing the Emergency Mitigation tool can be installed, the on-premise server needs to have a reliable internet connection. If an on-premise server does not have any exposure to the internet, the EM tool does not have to be installed.
The Emergency Mitigation (EM) service has the ability to apply mitigations by doing the following:
- Filtering HTTPS requests that are malicious by using the IIS rewrite rule
- Deactivating or disabling an Exchange service
- Disabling an application pool or virtual directory
- Change authentication settings for an exploitable service or feature or directory
As soon as an attack has been detected by Microsoft, the security team will distribute temporary weakenings from Emergency Mitigation to all Exchange servers and begin working on a patch. Automatic threat mitigation for a hosted or an on-premise Exchange Server is a good move by Microsoft. By introducing the Emergency Mitigation tool in the September Cumulative Update, Microsoft is giving on-premise Exchange clients the ability to enjoy proactive security monitoring and the application of security patches.
Will the New Security Measures Prevent A Repeat of 2021?
Microsoft Exchange has been under the spotlight several times in 2021. Recently, Microsoft Exchange was under the spotlight again due to the poor implementation of its autodiscover protocol. Hundreds of thousands of Windows credentials were leaked due to the autodiscover bug. While the latest moves appear to be implementing a safety measure to address the problem, the Emergency Mitigation tool is one that will hopefully be less of a temporary solution and more of a permanent solution.
The Emergency Mitigation tool was rolled out months after high-profile threats and attacks surrounding Microsoft Exchange that involved numerous reports of state-sponsored Chinese hackers extracting data for more than just spying. China’s most recent hacking attack on Microsoft Exchange possibly had one major end goal in mind: to boost AI development. The latest Microsoft Exchange incident received attention from a variety of agencies, including the U.S. Cyber and Infrastructure Security Agency (CISA).
Given the unwanted attention that Microsoft Exchange has faced over the last 12 months, it comes as no surprise that Microsoft wants to do everything it can to prevent Microsoft Exchange from being targeted again. Microsoft Exchange and its components no longer want to be viewed as easy targets for bad actors.
At Acom Networks, we address our clients’ every need regarding Microsoft Exchange and its extensions. We understand how crucial it is that your server, network, applications, etc. are in optimal operating condition at all times. We provide immediate support that your organization needs to maintain, monitor, and protect your organization. Our team has extensive knowledge and experience with Microsoft environments.
Our experience with Microsoft services and applications allows us to address and resolve any issue you may be facing. We are dedicated and committed to the success of your operations. We will diagnose your current systems, servers, and networks and provide you with a roadmap that will ensure your organization is going in the right direction.
Will the latest actions by Microsoft prevent future problems? That remains to be seen, but Acom Networks will be here to provide your business or organization with the support and services it needs, through the good and the bad. Contact us today to schedule your free consultation.