Microsoft is readying a new feature for Exchange Online that will report, throttle, and block emails from unsecured on-prem Exchange servers.
Admins will be sent alerts if their on-prem exchange servers are deemed to be unsupported or are unpatched from security threats, complete with a reminder to update their infrastructure.
It marks a step towards reducing the risk of malicious emails reaching organisations, but also to encourage customers with unsupported or unpatched Exchange servers to secure their on-prem environments.
“We’ve said many times that it is critical for customers to protect their Exchange servers by staying current with updates and by taking other actions to further strengthen the security of their environment,” said Microsoft.
“Many customers have taken action to protect their environment, but there are still many Exchange servers that are out of support or significantly behind on updates.”
Exchange Online is set to receive a new mail flow report in the Exchange admin centre. This will provide admins with information about unsupported or expired Exchange servers in their environment.
The report will inform admins of any messages that are throttled or blocked, and what will happen if the server isn’t updated or taken out of service.
If the server’s issues haven’t been addressed then Exchange Online will throttle messages from it. The throttling will increase progressively over time and is designed to raise awareness of the issue with admins to try and get them to fix the server. If the issue isn’t addressed within 30 days, then emails will begin to be blocked.
Microsoft is adopting what it calls a “progressive” enforcement approach, where throttling will slowly increase over time, followed by gradual blocking, and then resulting in blocking all non-compliant traffic. The actions will escalate until the server is removed from service or updated.
The company said that the new system is set to be applied to all Exchange Server versions and all emails coming into Exchange Online. However, for now, the tech giant is starting with Exchange 2007 servers.
RELATED RESOURCE
“We have specifically chosen to start with Exchange 2007 because it is the oldest version of Exchange from which you can migrate in a hybrid configuration to Exchange Online, and because these servers are managed by customers we can identify and with whom we have an existing relationship,” Microsoft explained.
The new system will then be incrementally introduced into other Exchange Server versions, until all versions are included.
Microsoft is aiming to address the problem of emails sent to Exchange Online from unsupported and unpatched Exchange servers. It said these servers present a security risk as once they are no longer supported, they don’t receive security updates.
“Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers,” said the tech giant.
The company said that emails messages coming from servers that are unsupported or unpatched are “persistently vulnerable” and can’t be trusted. This means these servers can increase the risk of an organisation experiencing attacks like malware, security breaches, or hacking.
Rampant Exchange Server issues
Microsoft Exchange Servers have been repeatedly abused by malicious actors over the years.
In November 2021, compromised servers were used to spread a SquirrelWaffle malspam campaign after targeting unpatched instances. The malspam hijacked inboxes and set malicious emails responding to existing email chains.
Following other exploration attempts of Exchange Server earlier that year, Microsoft was forced to delay the technology's development roadmap.
The company admitted in June 2022 that it needed more time to strengthen its security following China-linked Hafnium attacks.
This was followed in December 2022 by a researcher who said that a ransomware attack on Rackspace may have been down to an attacker taking advantage of an out-of-date Exchange cluster.
Security researcher Kevin Beaumont suggested that the attackers exploited the server clusters which hadn’t been patched since August 2022, before the ProxyNotShell patches had been released.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
How to empower employees to accelerate emissions reductionin depth With ICT accounting for as much as 3% of global carbon emissions, the same as aviation, the industry needs to increase emissions reduction
-
Worldwide IT spending to grow 4.3% in 2023, with no significant AI impactNews Spending patterns have changed as companies take an inward focus
-
Report: Female tech workers disproportionately affected by industry layoffsNews Layoffs continue to strike companies throughout the tech industry, with data showing females in both the UK and US are bearing the brunt of them more so than males
-
How can small businesses cope with inflation?Tutorial With high inflation increasing the cost of doing business, how can small businesses weather the storm?
-
How to deal with inflation while undergoing digital transformationIn-depth How can organizations stave off inflation while attempting to grow by digitally transforming their businesses?
-
How businesses can use technology to fight inflation
TUTORIAL While technology can’t provide all the answers to fight rising inflation, it can help ease the pain on businesses in the long term
-
Embattled WANdisco to cut 30% of workforce amid fraud scandalNews The layoffs follow the shock resignation of the company’s CEO and CFO in early April
-
Some Tech Nation programs could continue after Founders Forum acquisitionNews The acquisition brings to a close a months-long saga over what the future holds for Tech Nation initiatives
