Microsoft is introducing a new security feature in Exchange Server designed to protect against security threats that have known mitigations.
According to the company, the Emergency Mitigation feature is a built-in version of the Exchange On-premises Mitigation Tool (EOMT) that works with the cloud-based Office Config Service (OCS) to provide protection against known threats.
It’s the same online configuration service used by Office clients, according to a Microsoft blog.
The optional Emergency Mitigation tool is for customers who want Microsoft to create and automatically apply vulnerability mitigations to their Exchange servers. System admins can disable it and continue to use the EOMT to manually mitigate threats.
According to Microsoft, the Emergency Mitigation tool works by checking the OCS for mitigations once an hour by calling into https://officeclient.microsoft.com/getexchangemitigations.
“Since in the future mitigations may be released at any time, we chose to have the EM service check for mitigations hourly,” the company said in a blog post.
If the company learns about a security threat and is able to create a mitigation for the issue, Microsoft can send that mitigation directly to the Exchange server, which would automatically implement the pre-configured settings.
The company says the mitigation package is a signed XML file that contains configuration settings for mitigating a known security threat.
“Once received by the Exchange server, the EM service validates the signature to verify that the XML was not tampered with and has the proper issuer and subject, and after successful validation applies the mitigation(s),” the company said in the blog.
However, Microsoft cautions that these mitigations are intended as an interim solution for customers until they can apply a patch for the issue, much like the one-click manual EOMT tool.
“As stated previously, the EM service is not a replacement for Exchange (security updates), but it is the fastest and easiest way to mitigate the highest risks to Internet-connected, on-premises Exchange servers prior to updating,” Microsoft said in the blog.
The Microsoft Exchange Emergency Mitigation tool requires:
- The IIS URL Rewrite module v2 installed on Exchange Server
- On Exchange Server 2016 on Windows Server 2012 R2: the Update for Universal C Runtime in Windows (KB2999226)
- Exchange Server connectivity to the OCS, specifically to https://officeclient.microsoft.com
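The following PowerShell sketch checks the three requirements above on an Exchange server. It is an added example, not Microsoft's code: the function name `Test-EmPrerequisite` is hypothetical, and it assumes URL Rewrite v2 registers in IIS as the global module `RewriteModule`.

```powershell
# Added example: prerequisite check for the Emergency Mitigation (EM) service.
# Run in an elevated Windows PowerShell session on the Exchange server.
function Test-EmPrerequisite {
    [CmdletBinding()]
    param(
        # Endpoint the article says the EM service polls hourly.
        [string]$OcsUrl = 'https://officeclient.microsoft.com/getexchangemitigations'
    )
    $results = [ordered]@{}

    # 1. IIS URL Rewrite module (assumed global module name: RewriteModule).
    Import-Module WebAdministration -ErrorAction Stop
    $results['UrlRewriteModule'] = [bool](Get-WebGlobalModule |
        Where-Object { $_.Name -eq 'RewriteModule' })

    # 2. KB2999226 is only listed as required on Windows Server 2012 R2 (NT 6.3).
    $osVersion = (Get-CimInstance -ClassName Win32_OperatingSystem).Version
    if ($osVersion -like '6.3.*') {
        $results['KB2999226'] = [bool](Get-HotFix -Id 'KB2999226' -ErrorAction SilentlyContinue)
    } else {
        $results['KB2999226'] = 'n/a (not Windows Server 2012 R2)'
    }

    # 3a. Outbound TCP 443 to the OCS host.
    $ocsHost = ([uri]$OcsUrl).Host
    $tcp = Test-NetConnection -ComputerName $ocsHost -Port 443 -WarningAction SilentlyContinue
    $results['OcsTcp443'] = $tcp.TcpTestSucceeded

    # 3b. HTTPS request: any HTTP status proves TLS and routing work end to end.
    # A blocked path, proxy, or TLS interception problem surfaces as an exception.
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
    try {
        $resp = Invoke-WebRequest -Uri $OcsUrl -UseBasicParsing -TimeoutSec 15
        $results['OcsHttps'] = "HTTP $([int]$resp.StatusCode)"
    } catch {
        $webResp = $_.Exception.Response
        $results['OcsHttps'] = if ($webResp) { "HTTP $([int]$webResp.StatusCode)" }
                               else { "failed: $($_.Exception.Message)" }
    }

    [pscustomobject]$results
}

Test-EmPrerequisite | Format-List
```

The check only confirms that the path to the OCS is open; it does not download or validate a mitigation package, which the EM service does itself by verifying the XML signature, issuer and subject.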
Read the company’s blog to learn more.