Gadget Insiders

Why Microsoft Wants You to Update Your Exchange Servers Now – The Hidden Risks of Staying Outdated

by Prashant Chaudhary
January 27, 2025
in News, Microsoft

Microsoft’s Exchange Server, a cornerstone for internal and external business communications, has been a prime target for cyber-attacks. Recognizing this, Microsoft introduced the Exchange Emergency Mitigation Service (EEMS) in September 2021. This service automatically applies interim mitigations to high-risk security flaws, thereby safeguarding on-premises Exchange servers from attacks until a full security update can be released.

EEMS, designed to run as a Windows service on Exchange Mailbox servers, effectively shields servers by detecting vulnerabilities and deploying necessary mitigations. However, this vital service encounters significant hurdles when interfacing with outdated servers. The Exchange Team recently highlighted that servers running versions older than March 2023 cannot communicate with the Office Configuration Service (OCS) to download new security mitigations, leading to critical security gaps.


Understanding the Certificate Deprecation Issue

The root of this problem lies in the deprecation of one of the older certificate types in the OCS. Microsoft has already rolled out a new certificate within the OCS, ensuring that servers updated with any Exchange Server Cumulative Update (CU) or Security Update (SU) post-March 2023 can continue to check and apply new EEMS mitigations.

This certificate update is a call to action for organizations lagging behind in their server maintenance. As the Exchange Team advised, “If your servers are so much out of date, please update your servers ASAP to secure your email workload and re-enable your Exchange server to check for EEMS rules.”


Historical Context and the Persistent Threat

The urgency of this update cannot be overstated, given the historical context of attacks exploiting vulnerabilities in Exchange servers. Notably, the ProxyLogon and ProxyShell zero-days were leveraged by at least ten hacking groups, including the Chinese-sponsored threat group known as Hafnium, to infiltrate Exchange servers. These exploits were particularly dangerous because they occurred before patches or mitigations were readily available.

In response to such threats, Microsoft has been proactive in urging customers to apply the latest supported Cumulative Updates and keep their servers patched. This guidance was reiterated in January 2023, underscoring the need to prepare on-premises servers for any emergency security updates.

Keeping Exchange Servers Secure: Best Practices

Ensuring the security of Exchange servers is paramount. Organizations must prioritize regular updates and patches as part of their routine security protocols. Running the Exchange Server Health Checker can provide insights into necessary actions for maintaining optimal server health and security.
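As a quick readiness check alongside the Health Checker, the following added example (not from Microsoft or the original article) reports, for each Mailbox server, its build, whether EEMS is enabled at organization and server level, and the state of the mitigation service. It assumes the Exchange Management Shell, a single Exchange version per run, and a `$MinBuild` value you supply yourself from Microsoft's build table; the function name is hypothetical.

```powershell
# Added example. Run in the Exchange Management Shell on an on-premises server.
function Get-EemsReadiness {
    param(
        # Assumption: the lowest build you treat as "post-March 2023" for your
        # Exchange version. Look it up in Microsoft's published build numbers.
        [Parameter(Mandatory)] [version] $MinBuild
    )

    # EEMS can be switched off for the whole organization or per server.
    $orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

    Get-ExchangeServer |
        Where-Object { "$($_.ServerRole)" -match 'Mailbox' } |
        ForEach-Object {
            # AdminDisplayVersion renders as "Version 15.2 (Build 1118.7)".
            $build = $null
            if ("$($_.AdminDisplayVersion)" -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
                $build = [version]("{0}.{1}.{2}.{3}" -f $Matches[1], $Matches[2], $Matches[3], $Matches[4])
            }

            # MSExchangeMitigation is the Windows service behind EEMS.
            $svc = Get-Service -Name MSExchangeMitigation -ComputerName $_.Name -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Server             = $_.Name
                Build              = $build
                BuildCurrent       = ($null -ne $build -and $build -ge $MinBuild)
                OrgMitigations     = $orgEnabled
                ServerMitigations  = $_.MitigationsEnabled
                ServiceStatus      = if ($svc) { "$($svc.Status)" } else { 'NotFound' }
                MitigationsApplied = $_.MitigationsApplied -join ', '
            }
        }
}

# Usage: list servers that need attention (replace the placeholder build first).
# Get-EemsReadiness -MinBuild '<min-build>' |
#     Where-Object { -not $_.BuildCurrent -or -not $_.ServerMitigations -or $_.ServiceStatus -ne 'Running' }
```

A server that shows `BuildCurrent = False` is the case the Exchange Team describes: EEMS may be enabled and running, yet unable to fetch new mitigations. Microsoft also ships `Test-MitigationServiceConnectivity.ps1` in the Exchange scripts folder to test the connection to OCS directly.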


The call to update Exchange servers is not just about maintaining functionality—it’s about securing vital business communications from increasingly sophisticated cyber threats. As digital landscapes evolve, so too must our approaches to cybersecurity. Keeping Exchange servers updated is no longer optional; it is a critical imperative for businesses aiming to protect their data and maintain trust in an ever-connected world.

Tags: Certificate Deprecation, cybersecurity risks, EEMS Mitigations, Exchange Servers, Microsoft Exchange, Security Updates, Server Maintenance

Copyright © 2023 GadgetInsiders.com
