Hackers have twice targeted Microsoft’s Exchange Server in recent months. This has raised concerns about the security of thousands worldwide that use Microsoft software and systems. The Hafnium hacking team, supported by the Chinese government, carried out this cyber attack.
Beyond this nation-state attack, other criminal groups are exploiting the vulnerabilities for data breaches, including new ransomware and other cyberattacks.
The attack on Microsoft was broad and caused enormous damage. It demonstrated the importance of protecting a company’s Exchange servers.
Microsoft offers tools for updating system software. However, this situation is unique and requires a different approach. Microsoft provides updates for out-of-support software to help businesses stay as safe as possible.
We will be discussing Microsoft Exchange Server and how organizations can protect it from cyber attacks.
What is Microsoft Exchange Server?
Microsoft Exchange Server is the most widely used business email and calendar server in the world. It runs on the Windows operating system and is a client-side collaboration software application.
Source: Microsoft Dynamics 365 Gold Partner
Microsoft Exchange Server offers services such as email sending, voicemail transcription and task scheduling. It also provides tools to customize messaging service apps. The server connects to email clients using a proprietary protocol called MAPI, and it also supports POP3, IMAP and EAS.
The first release of Exchange Server was on April 11, 1996. The current stable release (v15.02.221.12) was released in 2019. It does not support Skype for Business on premises. Customers will need to use alternative solutions like Azure cloud voicemail.
Microsoft Exchange Server Components
There are four components to Exchange Server:
Information Storage: Stores and organizes all messages and voice calls.
System Attendant: Creates and manages messages, and sends them to and receives them from clients.
Simple Mail Transfer Protocol (SMTP): Allows inter-server messages and email transmission.
Active Directory: Updates the System Attendant with new mailbox information and manages user accounts and distribution lists.
Preventing Server Attacks
To prevent cyber attacks, you must ensure that all security updates are installed on every system. You will need to identify the version of Exchange Server that you are using, and then update your system accordingly.
What are these updates?
Here’s a list of all security updates:
In addition to the ones mentioned above, Microsoft will produce additional Security Updates (SUs) for older versions that Microsoft no longer supports. These will effectively protect your servers. You should not create additional security updates. This is a temporary measure that will provide protection against cyber attacks: you must still update your older version to the most recent supported Cumulative Update (CU). You can continue this update if you have already updated to the latest CU.
These updates will give you a new path.
All of these updates can be found in the Microsoft Download Center or Microsoft Update.
Microsoft also offers updates for older versions of Exchange Server 2013, 2016 and 2019. You can choose to roll forward to an updated version of Exchange Server 2013, 2016, or 2019, or go with the supported CU.
Even if the SUs and the latest CU are installed, the Exchange Server will be vulnerable to cyber attacks until the March 2021 security updates are applied.
After installing updates, ensure that you reboot the system. After the reboot, the server will not be secured. This will protect your company from known attacks and allow you to secure the entire system.
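An added example (not from the original article or from Microsoft) of the version check described above: it assumes each server's four-part build number has been collected into 'host,version' lines, and it flags which servers need the SU and which must first roll forward to a supported CU. The baseline table, hostnames and build numbers are constructed placeholders, except v15.02.221.12, which is the release number quoted earlier in this article; fill the table from Microsoft's advisory before use.

```python
import re

# Major.minor -> product line (the three versions the article names).
PRODUCTS = {(15, 0): "Exchange 2013", (15, 1): "Exchange 2016", (15, 2): "Exchange 2019"}

# CONSTRUCTED placeholder baseline, not real Exchange build numbers.
# (major, minor, cu_build) -> lowest revision that includes the security update.
PATCHED_REVISION = {(15, 2, 900): 10, (15, 2, 800): 13, (15, 1, 2200): 9}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Accept '15.2.900.3', zero-padded '15.02.0900.003' or 'v15.02.221.12'."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def assess(version_text):
    """Return (product, status) for one server's four-part build number."""
    major, minor, build, revision = parse_version(version_text)
    product = PRODUCTS.get((major, minor), "unknown product")
    required = PATCHED_REVISION.get((major, minor, build))
    if required is None:
        # No SU exists for this CU in the baseline: move to a supported CU first.
        return product, "ROLL_FORWARD"
    if revision < required:
        # Right CU, but the SU is missing. A plain "newer than X" test misses this.
        return product, "INSTALL_SU"
    return product, "PATCHED"

def triage(inventory_lines):
    """Map host -> (product, status) from 'host,version' lines."""
    report = {}
    for line in inventory_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, version = (field.strip() for field in line.split(",", 1))
        report[host] = assess(version)
    return report

# Constructed sample inventory: hostnames and builds are illustrative only.
SAMPLE = ["mbx01, 15.02.0900.010", "mbx02, 15.2.900.3",
          "mbx03, 15.2.800.13", "mbx04, v15.02.221.12"]

if __name__ == "__main__":
    for host, (product, status) in triage(SAMPLE).items():
        print(f"{host:8} {product:14} {status}")
```

In the sample, mbx02 reports a higher version than mbx03 yet is the one missing the security update, which is why the comparison is made per CU rather than against a single minimum version.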
Next, you need to identify any compromised systems and then remove them from your network. Microsoft has suggested a few steps, tools and scripts to scan the network for signs of compromise. The Microsoft Safety Scanner 2.0 finds potential threats. A new set of indicators is available in real time and can be shared widely.
On-Premises Exchange Server Vulnerabilities Resources
Microsoft released security updates for Microsoft Exchange Server in March 2021 to reduce vulnerabilities that are used in ongoing attacks. Due to the critical nature of these vulnerabilities, it is important that businesses apply the patches immediately to any affected systems.