Recently, multiple Microsoft Exchange zero-day vulnerabilities were exploited, exposing servers to risk and leaving admins with no patch and no way of securing them.

Automated protection

For customers exposed to the ProxyLogon bugs, Exchange Server offers a mitigation service that builds on the EOMT to reduce exposure to attack. It works by detecting Exchange servers exposed to high-risk or known threats. It runs as a Windows service on Exchange Mailbox servers and is installed on them automatically. Although the mitigation offers protection, it is only temporary, lasting until the security updates that fix the vulnerability are installed.

Mitigation applied

The Exchange service applies three types of mitigations:

IIS URL Rewrite rule mitigation: a rule that blocks known malicious patterns of HTTP requests that pose a danger to the Exchange server.

Exchange service mitigation: detects and disables a vulnerable service on an Exchange server.

App Pool mitigation: disables any vulnerable app pool on an Exchange server.

Exchange Server can be disabled

As said above, the mitigation is only temporary until the security update can be installed. The service is therefore not a replacement for installing updates; it only offers a rapid way of addressing high-risk vulnerabilities. Admins who do not want mitigations applied automatically on their servers can choose to disable the EM service. Other options for controlling applied mitigations are also available to those who do not wish to use this particular EM service. Mitigations tend to reduce server functionality, so they are recommended only for high-impact or high-risk issues.

What do you think of such kinds of mitigations? Should they be automatic? Leave a comment down below.
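Before opting a server out, it helps to see where the EM service is actually in effect. The following audit is an added example, not taken from the original article; it assumes the Exchange Management Shell, whose `MitigationsEnabled`, `MitigationsApplied` and `MitigationsBlocked` settings and `MSExchangeMitigation` service name are not mentioned on this page, and it uses the placeholder server name `EXCH01` and placeholder mitigation ID `M1`.

```powershell
# Added example: read-only audit of Emergency Mitigation (EM) state.
# Run in the Exchange Management Shell (Windows PowerShell 5.1).
function Get-EmMitigationReport {
    # Organization-wide switch: when false, no server applies mitigations.
    $org = Get-OrganizationConfig

    Get-ExchangeServer |
        Where-Object { $_.ServerRole -match 'Mailbox' } |
        ForEach-Object {
            # The EM Windows service must be running for mitigations to be applied.
            $svc = Get-Service -ComputerName $_.Name -Name 'MSExchangeMitigation' `
                       -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Server        = $_.Name
                OrgEnabled    = $org.MitigationsEnabled
                ServerEnabled = $_.MitigationsEnabled
                ServiceStatus = if ($svc) { $svc.Status } else { 'NotFound' }
                Applied       = ($_.MitigationsApplied -join ',')
                Blocked       = ($_.MitigationsBlocked -join ',')
                # Mitigations take effect only if all three conditions hold.
                Effective     = ($org.MitigationsEnabled -and
                                 $_.MitigationsEnabled -and
                                 $svc -and $svc.Status -eq 'Running')
            }
        }
}

# Servers where automatic mitigation is NOT in effect deserve a second look:
Get-EmMitigationReport | Where-Object { -not $_.Effective } | Format-Table -AutoSize

# Controls an admin can use (left commented out so the audit changes nothing):
#   Opt out a single server (placeholder name):
#     Set-ExchangeServer -Identity 'EXCH01' -MitigationsEnabled $false
#   Opt out the whole organization:
#     Set-OrganizationConfig -MitigationsEnabled $false
#   Keep the service but block one mitigation (placeholder ID):
#     Set-ExchangeServer -Identity 'EXCH01' -MitigationsBlocked @('M1')
```

A server listed with an empty `Applied` column and `Effective` set to false relies entirely on security updates being installed promptly.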
