Microsoft is urging organizations to keep their Exchange servers protected by installing the latest available Cumulative Update and Security Update on all Exchange servers and some Exchange Management Tool workstations.
In addition, Microsoft recommends occasionally performing manual tasks to harden Exchange environments, such as enabling Extended Protection and enabling certificate signing of PowerShell Serialization payloads.
In a blog, Microsoft’s Exchange Team writes that attacks against unpatched Exchange servers are not going away.
“There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts,” the Exchange Team writes.
The blog outlines three targets of unpatched Exchange servers:
- User mailboxes with critical and sensitive data
- A copy of the company address book for use in social engineering attacks
- Deep integration and permissions within Active Directory that could provide access to the connected cloud environment
Microsoft urges organizations to defend Exchange servers against known vulnerabilities by installing the latest supported cumulative updates, which are currently CU12 for Exchange Server 2019, CU23 for Exchange Server 2016, CU23 for Exchange Server 2013, and the January 2023 security update.
After installing an update, admins should run the Health Checker to search for manual tasks that need to be performed.
Microsoft also warns that mitigations released and automatically applied to Exchange servers are only designed for temporary protection, so admins should apply security updates as soon as they are made available rather than relying upon mitigations.
The Exchange Team blog includes several helpful links, such as:
- Guidance and best practices for cumulative updates
- Security update guide
- FAQ in article Why Exchange Server Updates Matter
- Exchange Server Health Checker
- Exchange updates step-by-step guide
SetupAssist and Update Troubleshooting Guide to help troubleshoot update errors.
In addition, Microsoft says to be sure to install necessary updates for Windows Server and other software running on Exchange servers, and updating Active Directory, DNS and other servers used by exchange.
Read Microsoft’s blog for more information.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply