Protect your Exchange Servers

Microsoft wants businesses to keep their Exchange servers updated and hardened to protect them from cyberattacks. Criminals target valuable data in the email system. Microsoft encourages customers to enable Windows Extended Protection and configure certificate-based signing of PowerShell.
According to a blog post:
“Attackers looking to exploit unpatched Exchange servers are not going to go away. There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts.”
Although the company has issued mitigations, they offer only a stopgap solution and can soon become insufficient against a wide range of attacks. To secure their servers, users must install the necessary security updates.
Lucrative Attack Vector
Exchange Server has been a lucrative attack vector. In just two years, various sets of vulnerabilities have been unearthed. Bitdefender described it as an ideal target for server-side request forgery (SSRF). “CAS implementation on on-premises Microsoft Exchange servers is vulnerable to SSRF attacks. And this initial discovery was just the tip of the iceberg.”
Cybercriminals often target Exchange Server because it contains valuable information, such as sensitive business data, financial information, and personal information of employees and customers.
By compromising an Exchange Server, attackers can gain access to this sensitive information and potentially use it for financial gain or steal identities.
Another reason cybercriminals may target Exchange Server is that it is often used by organizations as the central hub for email communication. By compromising an Exchange Server, attackers can gain access to a large number of email accounts and use them to launch further attacks, such as phishing campaigns, or gain access to other systems on the network.
Additionally, an Exchange server can be used as an initial entry point to the network. Attackers can then use that access to move laterally through the network and reach other systems and data.
In 2022, Microsoft issued a fix for the ProxyNotShell flaws, which were exploited. One flaw is a remote code execution (RCE) bug and the other is a server-side request forgery flaw. Bad actors could use these two flaws to take over a compromised system.
Another flaw was found last year, and it was reported that a Russian group exploited vulnerabilities in Exchange using an automated attack system designed to steal data.
Exploiting vulnerabilities in Microsoft Exchange has been a recurring tactic of cybercriminals.
The initial infection vector evolves. Threat actors exploit any new opportunity they can find.
The Shadowserver Foundation found that more than 60,000 servers are still vulnerable to attacks. To make things worse, a considerable number of servers are still exposed online. Thousands are waiting to be secured from attacks that target the ProxyShell and ProxyLogon flaws.
The Exchange Team has published a survey on this topic, and organizations are encouraged to participate.
“We know that keeping your Exchange environment protected is critical, and we know it’s never ending. We’re here to support our customers any way we can. We are constantly looking for ways to improve the Exchange Server update process.”
After installing an update, organizations must also run the Health Checker tool to find out which other manual tasks still need to be done to give their servers the utmost protection.