Microsoft urges customers to secure on-premise Exchange servers

Microsoft is urging its customers to keep Exchange servers updated and secure, as on-premises Exchange servers remain a popular cyberattack target. Microsoft recommends customers enable Windows Extended Protection and configure certificate-based signing of PowerShell serialization payloads.

The new warning is entitled, “Protect your Exchange servers” in a new blog post by Microsoft.

“We’ve said it before, we’re saying it now, and we’ll keep saying it: it is critical to keep your Exchange servers updated. This means installing the latest available Cumulative Update (CU) and Security Update (SU) on all your Exchange servers (and in some cases, your Exchange Management Tools workstations),” the post begins.

Microsoft’s guidance for keeping Exchange up-to-date includes:

  • Be sure to always read our blog post announcements, noting known issues and recommended or required manual actions. For CUs, always follow our guidance and best practices, and for SUs, use the Security Update Guide to find relevant information.
  • Be sure to review our update FAQ in the article Why Exchange Server Updates Matter.
  • Use the Exchange Server Health Checker to inventory your servers and see which Exchange servers need updates (CUs or SUs), and if any manual action needs to be taken.
  • Once you know what updates are needed, use the Exchange updates step-by-step guide (aka the Exchange Update Wizard) to choose your currently running CU and your target CU and get directions for updating your environment.
  • If you encounter errors during update installation, the SetupAssist script can help troubleshoot them. And if something does not work properly after updates, have a look at the Update Troubleshooting Guide, which covers the most common issues and how to resolve them.
  • Be sure to install any necessary updates for Windows Server and other software that might be running on your Exchange server(s).
  • Be sure to install any necessary updates on dependency servers, including Active Directory, DNS, and other servers used by Exchange.

Despite the ubiquity of cloud and software as a service, there are plenty of customers and organizations that still require and utilize on-premises applications. Microsoft Exchange is one of the most popular on-premises services, but it also remains a vulnerable target.

This is due to Exchange servers house all of the customers’ email, which often contains critical and sensitive data. Every Exchange server contains a copy of the company address book, which provides valuable intel for threat actors looking to conduct social engineering attacks, learn organizational structure, employee titles, and so on.

Microsoft is even encouraging its customers to complete a survey to offer advice on how they can make Exchange even more secure. You can submit that form on their website.

Recently, on-premises Exchange servers were targeted by cybercriminals with a ransomware attack at Rackspace. Rackspace has since shut its Exchange servers down permanently, but not before the attackers managed to access customer email.