New feature in Exchange Server will apply fixes automatically


Microsoft has added a new feature to Exchange Server that will automatically take action to remediate high-risk vulnerabilities (most likely already exploited by hackers).

This should protect Exchange servers from attacks and give administrators more time to install full-fledged patches when Microsoft releases them. The fact is that zero-day vulnerabilities in Microsoft Exchange have recently been regularly exploited by “government hackers”, as well as by groups pursuing financial gain.

For example, I recently wrote about the US and UK accusing China of attacks on Microsoft Exchange servers. Moreover, Sophos experts have discovered the Epsilon Red ransomware, which exploits vulnerabilities in Microsoft Exchange servers to attack other machines on the network.

The new functionality is called Microsoft Exchange Emergency Mitigation (EM) and is based on the Exchange On-premises Mitigation Tool (EOMT), released in March this year to help identify and fix ProxyLogon problems.

EM runs as a Windows service on Exchange Mailbox servers and will be automatically installed on Exchange Server 2016 and Exchange Server 2019 mailbox servers after the September 2021 cumulative update (or newer) is deployed. Administrators can disable EM if they don’t want Microsoft to automatically apply security measures to their servers.

The new functionality will detect Exchange servers that are vulnerable to one or more known issues and automatically apply temporary mitigation measures to them (until administrators can apply full patches).

So far EM offers three types of protection:

  • applying a custom rule that blocks certain patterns of malicious HTTP requests that could compromise the Exchange server;
  • disabling the vulnerable service on the Exchange server;
  • disabling the vulnerable application pool on the Exchange server.

“The new service will not replace the installation of security updates on Exchange Server, but it is the fastest and easiest way to mitigate the highest risks to Internet-connected on-premises Exchange servers before installing the appropriate patches,” the developers write.
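
Because EM can be switched off and acts without administrator involvement, it is worth auditing where it is actually active and what it has changed. The following PowerShell sketch is an added example, not code from the article or from Microsoft. It assumes it is run in the Exchange Management Shell, and the `MitigationsEnabled`, `MitigationsApplied` and `MitigationsBlocked` properties and the `MSExchangeMitigation` service name are not in the article (they are the names Microsoft documents for EM).

```powershell
# Added example: audit Emergency Mitigation (EM) state across the organization.
# Run in the Exchange Management Shell with read access to the Exchange configuration.
# Assumed names (not in the article): the MitigationsEnabled / MitigationsApplied /
# MitigationsBlocked properties and the MSExchangeMitigation Windows service.

$org        = Get-OrganizationConfig
$orgEnabled = [bool]$org.MitigationsEnabled

$report = foreach ($server in Get-ExchangeServer) {
    # EM runs only on Mailbox servers; skip Edge and other roles.
    if ("$($server.ServerRole)" -notmatch 'Mailbox') { continue }

    # A missing service means the cumulative update that ships EM is not installed.
    $svc = Get-Service -ComputerName $server.Name -Name 'MSExchangeMitigation' `
                       -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Server        = $server.Name
        Version       = $server.AdminDisplayVersion
        OrgEnabled    = $orgEnabled
        ServerEnabled = [bool]$server.MitigationsEnabled
        # EM acts on a server only when both the organization and the server allow it.
        Effective     = $orgEnabled -and [bool]$server.MitigationsEnabled
        ServiceStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }
        # Mitigations EM has applied (URL rule, service or app pool changes).
        Applied       = @($server.MitigationsApplied) -join ', '
        # Mitigations an administrator has explicitly blocked on this server.
        Blocked       = @($server.MitigationsBlocked) -join ', '
    }
}

$report | Format-Table -AutoSize

# Servers where EM cannot protect anything: disabled, stopped, or not installed.
$report |
    Where-Object { -not $_.Effective -or $_.ServiceStatus -ne 'Running' } |
    Select-Object Server, OrgEnabled, ServerEnabled, ServiceStatus

# Servers where EM has already changed something; review these before patching,
# because a disabled service or application pool affects functionality.
$report | Where-Object { $_.Applied } | Select-Object Server, Applied

# Opting out, as the article mentions, is a configuration change (left commented):
# Set-OrganizationConfig -MitigationsEnabled $false                      # whole organization
# Set-ExchangeServer -Identity <ServerName> -MitigationsEnabled $false   # single server
```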

Let me also remind you that I talked about the fact that hackers attack Microsoft Exchange servers on behalf of Brian Krebs.

By Vladimir Krasnogolovy
