New Microsoft Exchange Service Mitigates High-Risk Flaws Automatically

Microsoft has added a new Exchange Server feature that automatically applies interim mitigations for high-risk (and likely actively exploited) security bugs, protecting on-premises servers against incoming attacks and giving admins more time to apply security updates.

The release comes after various Microsoft Exchange zero-day vulnerabilities were exploited by state-sponsored and financially motivated hacking gangs to compromise servers whose admins had no patch or mitigation information available.

Automatic Protection for Vulnerable Exchange Servers

The new Exchange Server component, aptly named the Microsoft Exchange Emergency Mitigation (EM) service, builds on Microsoft's Exchange On-premises Mitigation Tool (EOMT), released in March to help customers minimize the attack surface exposed by the ProxyLogon bugs.

EM runs as a Windows service on Exchange Mailbox servers. It is installed automatically on servers with the Mailbox role once the cumulative update (CU) is installed on Exchange Server 2016 or Exchange Server 2019.

It works by detecting Exchange Servers that are vulnerable to one or more known threats and applying interim mitigations until a security update is available for admins to install.

Mitigations applied automatically through the EM service are temporary fixes until the Security Update (SU) that fixes the vulnerability can be installed, and they are not a replacement for the Exchange SUs.

Once installed on an Exchange email server, the EM service can apply the following types of mitigation:

  • IIS URL Rewrite rule mitigation: a rule that blocks certain patterns of malicious HTTP requests that can threaten an Exchange server.
  • Exchange service mitigation: disables a vulnerable service on an Exchange server.
  • App pool mitigation: disables a vulnerable app pool on an Exchange server.

What are the Optional Features that can be Disabled? 

“This advance service is not a replacement for installing the Exchange Server Security Updates (SUs), but it is the fastest and easiest way to alleviate the highest risks to Internet-connected, on-premises Exchange servers prior to installing applicable SUs,” the Exchange Team explained.

EM is a version of EOMT built into Exchange Server. It works with the cloud-based Office Config Service (OCS) to download mitigations and protect against high-risk bugs that have known mitigations.

Admins can disable the EM service if they don’t want Microsoft to apply mitigations to their Exchange servers automatically. They can also control applied mitigations using PowerShell cmdlets and scripts, which allow viewing, reapplying, blocking, or removing mitigations.
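
The audit below is an added example, not code from Microsoft or the original article: it flags servers where EM has been switched off, the service is not running, or individual mitigations have been blocked. It relies on the `MitigationsEnabled`, `MitigationsApplied` and `MitigationsBlocked` properties returned by `Get-ExchangeServer` and `Get-OrganizationConfig`; the function name, the merged `ServiceStatus` field, and the sample servers and mitigation IDs are constructed for illustration.

```powershell
# Added example, not Microsoft's code: report servers whose EM protection is weakened.
function Test-EmPosture {
    param(
        [Parameter(Mandatory)] [bool]     $OrgMitigationsEnabled,
        [Parameter(Mandatory)] [object[]] $Servers
    )
    foreach ($s in $Servers) {
        $findings = @()
        if (-not $OrgMitigationsEnabled) { $findings += 'EM disabled organization-wide' }
        if (-not $s.MitigationsEnabled)  { $findings += 'EM disabled on this server' }
        # ServiceStatus is an assumed field merged in from Get-Service (see live use below).
        if ("$($s.ServiceStatus)" -ne 'Running') {
            $findings += "MSExchangeMitigation service is $($s.ServiceStatus)"
        }
        # Blocked mitigations are never re-applied by EM, so each one needs a reason.
        foreach ($id in @($s.MitigationsBlocked)) {
            if ($id) { $findings += "mitigation $id is blocked by an admin" }
        }
        [pscustomobject]@{
            Server   = $s.Name
            Applied  = @($s.MitigationsApplied) -join ', '
            Findings = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

# Constructed sample data so the example runs offline; IDs M1/M2 are placeholders.
$sample = @(
    [pscustomobject]@{ Name = 'EX01'; MitigationsEnabled = $true;  ServiceStatus = 'Running'
                       MitigationsApplied = @('M1', 'M2'); MitigationsBlocked = @() }
    [pscustomobject]@{ Name = 'EX02'; MitigationsEnabled = $true;  ServiceStatus = 'Stopped'
                       MitigationsApplied = @('M1');       MitigationsBlocked = @('M2') }
    [pscustomobject]@{ Name = 'EX03'; MitigationsEnabled = $false; ServiceStatus = 'Running'
                       MitigationsApplied = @();           MitigationsBlocked = @() }
)
Test-EmPosture -OrgMitigationsEnabled $true -Servers $sample | Format-Table -AutoSize -Wrap

# Live use from the Exchange Management Shell (Windows PowerShell 5.1):
#   $org = (Get-OrganizationConfig).MitigationsEnabled
#   $srv = Get-ExchangeServer | Select-Object Name, MitigationsEnabled, MitigationsApplied,
#          MitigationsBlocked, @{ n = 'ServiceStatus'; e = {
#              (Get-Service -ComputerName $_.Name -Name MSExchangeMitigation).Status } }
#   Test-EmPosture -OrgMitigationsEnabled $org -Servers $srv
```

With the sample data, EX01 reports OK, EX02 is flagged for a stopped service and a blocked mitigation, and EX03 for having EM disabled at the server level.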

“The plan is to release the mitigations only for the most severe security issues, such as issues that are being actively exploited in the wild,” the Exchange Team stated.

“Because applying mitigations may reduce server functionality, we plan on releasing the mitigation only when the biggest harm or severity is discovered.”