Microsoft has implemented a new Exchange feature to secure servers at high risk from attacks by applying interim mitigations. The new feature aims to buy more time and allow admins to apply security updates before attackers exploit the vulnerability. 

  • There is a new Microsoft Exchange feature that mitigates high-risk bugs.The update follows after multiple vulnerabilities were exploited.The new server is an optional feature that can be disabled.

Recently, multiple Microsoft Exchange zero-day vulnerabilities were exploited and exposed the servers to risk, with the admins left with no patch and no way of securing the servers.

Automated protection

For customers who are exposed to the ProxyLogon bugs, the Exchange Server offers mitigation by building up on the EOMT and minimizes the attack.

It works by detecting the Exchange Servers exposed to high risk or known threats. It runs on Windows service on Exchange Mailbox servers and will be automatically installed on Mailbox servers.

Although the mitigation technique offers protection, it is only temporary and for a limited time until the security updates to fix the vulnerability are installed.

Mitigation applied

The Exchange service applies three types of mitigations;

  • IIS URL Rewrite rule mitigation: this is a rule blocking known malicious patterns of HTTP requests that pose a danger to the exchange server.
  • Exchange service mitigation:  detects and disables a vulnerable service on an Exchange server.
  • App Pool mitigation: disables any vulnerable app pool on an Exchange server.

Exchange Server can be disabled

As said above, the mitigation is only temporary until the security update can be installed. The server is therefore not a replacement but only offers a rapid method of addressing high-risk vulnerabilities. If admins do not wish automatic mitigations applied on their servers, they can choose to disable the EM service.

Latest Microsoft Exchange Server Feature Mitigates High-Risk Bugs https://t.co/iOGc1Dozcp pic.twitter.com/iqEbUvjOK5

— E Hacking News (@EHackerNews) September 29, 2021

There are also other control applied mitigations if they do not wish to use this particular EM service. Mitigations tend to reduce server functionality hence are recommended only for high impact or high-risk issues.

What do you think of such kinds of mitigations? Should they be automatic? Leave a comment down below.

If the advices above haven’t solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

Still having issues? Fix them with this tool:

SPONSORED

Email *

Commenting as . Not you?

Comment