HomesecurityMicrosoft Exchange: New feature automatically mitigates high-risk bugs

Microsoft Exchange: New feature automatically mitigates high-risk bugs

Microsoft has added a new feature to Exchange Server that automatically applies temporary mitigations for high-risk security vulnerabilities (and may be actively exploited) to protect on-premises servers from incoming attacks and gives administrators more time to apply security updates.

This update comes after multiple Microsoft Exchange zero-day vulnerabilities exploited by state-funded hacking groups with financial incentives to compromise servers whose administrators did not have a patch or mitigation.

See also: Microsoft Exchange Autodiscover: Bugs leak Windows credentials

microsoft Exchange

See also: Microsoft: Delete passwords in Windows 10 immediately

Automatic protection for vulnerable Exchange servers

The new Exchange Server component, aptly named Microsoft Exchange Emergency Mitigation (EM), is based on Microsoft's Exchange On-Interior Mitigation Tool (EOMT) released in March to help customers minimize the "attack surface" that exposed by errors of ProxyLogon.

EM runs as a Windows service on Exchange Mailbox servers and will be automatically installed on mailbox servers after the development of CU September 2021 (or later) on Exchange Server 2016 or Exchange Server 2019.

It works by detecting Exchange Servers vulnerable to one or more known threats and applies temporary mitigations until a security update to be installed by administrators.

Mitigations that are automatically applied through the IM service are temporary fixes until the Security Update can be installed which fixes the vulnerability and does not replace Exchange SUs.

See also: Microsoft accounts: You can log in without a password

Optional function that can be deactivated

EM is an EOMT version that is integrated with Exchange Server and works with the Office-based Office Config Service (OCS) to download and protect against high-risk errors with known mitigations.

Administrators can disable the IM service if they do not want Microsoft to automatically apply mitigations to Exchange servers.

They can also control implemented mitigations using cmdlets and scripts PowerShell, which allow the display, re-application, blocking or removal of mitigations.

Source of information:

Teo Ehc
Be the limited edition.