Latest Microsoft Exchange Server Update Allows Automatic Bug Mitigation

Microsoft recently added a new Exchange Server feature designed to automatically deploy interim mitigations for high-risk security vulnerabilities that threat actors are likely to exploit. The new feature guarantees that on-premises servers are adequately protected from incoming attacks while ensuring admins get enough time to apply the relevant security updates. The new update comes after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers unlimited access to user emails and passwords on the affected servers and access to admin privileges and connected devices on the same networks.

The global wave of cyberattacks and data breaches that began in January 2021 and extended to March 2021 affected an estimated 250,000 servers, including servers belonging to over 300,000 organizations in the USA.

What Is Microsoft Exchange Server?

Microsoft Exchange Server is a popular premium email and messaging platform that many organizations and entities worldwide leverage for communication and collaboration needs. Recently, Microsoft Exchange Server caught the world’s attention after several news reports detailed how Chinese state-sponsored cybercriminals were extracting data from the platform that will be used for secret AI projects. In the past, Microsoft Exchange Server has been at the center of several other cyberattacks, and the new Emergency Mitigation tool is being implemented to address some of these concerns.

What Is the New Microsoft Exchange Emergency Mitigation (EM) Service?

The new Exchange Server feature, aptly named the Microsoft Exchange Emergency Mitigation (EM) service, is designed to enhance Microsoft’s Exchange On-premises Mitigation Tool (EOMT), which launched in March to help users reduce the attack surface exposed by the ProxyLogon bugs. EM is designed to run as a Windows service on Exchange Mailbox servers and is installed automatically on servers with the Mailbox role once you install the September 2021 or later CU on Exchange Server 2016 or Exchange Server 2019.

How Does the Microsoft Exchange Emergency Mitigation (EM) Service Work?

Essentially, the Microsoft Exchange Emergency Mitigation (EM) service detects Exchange Servers vulnerable to known threats. It then automatically applies adequate interim mitigations until the admins install a security update. This means that the mitigations applied through the EM service are only temporary fixes, and admins still have to install the relevant Security Update that fixes the vulnerability.

What Are the Mitigations That the EM Service Provides?

The EM service helps keep your Exchange Servers secure by applying several mitigation measures that resolve any potential threats against your servers. It leverages cloud-based Office Config Service (OCS) to check for and download available mitigations. It will then send diagnostic data to Microsoft.

After installing the EM service on the Exchange email server, the service will apply the following types of mitigations:

  • App Pool mitigation: This feature automatically disables a vulnerable app pool on an Exchange server.
  • Exchange service mitigation: This feature disables a vulnerable service on an Exchange server.
  • IIS URL Rewrite rule mitigation: The rule is designed to block specific patterns of malicious HTTP requests that could compromise an Exchange server.

The Prerequisites for the EM Service

The following are the prerequisites that should already be on your Windows Server where Exchange is to be installed:

  • Universal C Runtime in Windows (KB2999226) for Windows Server 2012 and Windows Server 2012 R2
  • IIS URL Rewrite Module

Connectivity for the EM Service

The EM service requires connectivity to the OCS to download mitigations effectively and seamlessly. Missing outbound connectivity to the OCS during the installation of Exchange Server ultimately results in a myriad of setup problems. Notably, although you can install the EM service without connectivity to the OCS, that connectivity should be present for you to download and apply the latest mitigations.

How Can I Disable the EM Service?

The EM service is an optional feature that can be disabled. Admins can disable the EM service whenever they feel they don’t need Microsoft to automatically apply mitigations to the Exchange servers. Admins can also control applied mitigations by leveraging PowerShell cmdlets and scripts that allow removing, blocking, reapplying, and viewing mitigations. Earlier on, the Exchange Team revealed it was planning to release the mitigations only for the most severe security issues, precisely the issues being actively exploited in the wild. While acknowledging that applying mitigations will likely decrease server functionality, the team revealed they intend to release mitigations only when severe issues are found.
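The connectivity check and the viewing, blocking, reapplying and disabling controls described above, as an added example that is not part of the original article. It uses the cmdlet parameters and scripts from Microsoft's EM service documentation; the server name EXCH01 and the mitigation ID M1 are placeholders, and every state-changing command carries -WhatIf so the block only reports what it would do.

```powershell
# Added example. Run in the Exchange Management Shell (Windows PowerShell 5.1)
# on a server with the September 2021 CU or later.
# 'EXCH01' and 'M1' are placeholders for a server name and a mitigation ID.
$server  = 'EXCH01'
$scripts = Join-Path $env:ExchangeInstallPath 'Scripts'

# Connectivity: confirm this server can reach the Office Config Service (OCS).
& (Join-Path $scripts 'Test-MitigationServiceConnectivity.ps1')

# View: organization-wide switch, then the state of every Mailbox server.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled
Get-ExchangeServer | Where-Object { $_.ServerRole -match 'Mailbox' } | ForEach-Object {
    $svc = Get-Service -ComputerName $_.Name -Name MSExchangeMitigation -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server        = $_.Name
        ServerEnabled = $_.MitigationsEnabled
        Service       = if ($svc) { $svc.Status } else { 'NotFound' }
        Applied       = $_.MitigationsApplied -join ','
        Blocked       = $_.MitigationsBlocked -join ','
        # Flag anything that leaves the server without automatic mitigation.
        NeedsReview   = (-not $orgEnabled) -or (-not $_.MitigationsEnabled) -or
                        (-not $svc) -or ($svc.Status -ne 'Running') -or
                        ($_.MitigationsBlocked.Count -gt 0)
    }
} | Format-Table -AutoSize

# View: per-mitigation detail (ID, type, description, status) for all servers.
& (Join-Path $scripts 'Get-Mitigations.ps1')

# Block: stop one mitigation from being applied on one server.
Set-ExchangeServer -Identity $server -MitigationsBlocked @('M1') -WhatIf

# Reapply: clear the block list. The service reapplies the mitigation on its
# next run; restarting it on that server reapplies immediately.
Set-ExchangeServer -Identity $server -MitigationsBlocked @() -WhatIf
Restart-Service -Name MSExchangeMitigation -WhatIf

# Disable: turn automatic mitigation off for one server or the whole organization.
Set-ExchangeServer -Identity $server -MitigationsEnabled $false -WhatIf
Set-OrganizationConfig -MitigationsEnabled $false -WhatIf
```

Remove -WhatIf from a command to make the change. A server flagged NeedsReview is relying on manual patching alone, so it belongs at the front of the queue when a Security Update ships.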

Is the EM Service Worth It?

There is no doubt cyberattacks are on the rise. These attacks are not only happening more frequently, but they are also becoming more advanced and sophisticated. Experts estimate that a ransomware attack will occur every 11 seconds in 2021. To avoid falling victim to crafty cybercriminals, it is imperative to ensure your on-premises Exchange Servers are secure and up to date. The EM tool automatically applies mitigations that are administered by Microsoft for active security issues, thus boosting your efforts to secure your IT infrastructure. The main benefit of the EM tool is that it eliminates manual processes by automating and streamlining security processes that help identify and mitigate subtle vulnerabilities before they cause any damage.

Will the EM Service Succeed in Forestalling Attacks?

There is no doubt Microsoft Exchange and its extension are on a clear mission to remove the perception that the platform is an easy target for cybercriminals. Microsoft’s new EM feature has received many accolades from industry experts as a robust response to the ever-growing cybersecurity threats. Whether the tool will succeed in preventing attacks similar to those experienced in 2020 and the first half of 2021 remains to be seen. Organizations leveraging this tool should add extra layers of security to guarantee adequate protection.

Get Professional Help to Protect Your IT Environment

If you are a business owner or professional in Baton Rouge and New Orleans, you can benefit from Essential Solutions’ managed IT services, designed to enhance efficiency, boost productivity and protect your IT infrastructure and critical business data. Our managed cybersecurity services include vulnerability scanning and anti-viral services, managed firewalls, managed intrusion detection and response, threat management, managed endpoint security, managed cloud security, and more. We also provide customized managed help desk services, cloud and hosted services, VoIP services, onsite and cloud backup services, and more. Contact us today to request a quote.