IT security: How Microsoft wants to protect Exchange servers more effectively


At the beginning of March 2021, the hacker group “Hafnium” exploited four vulnerabilities in Microsoft Exchange Server to compromise systems on a large scale. Despite the emergency patch, hundreds of thousands of servers worldwide fell victim to the attacks within just a few hours. To be able to react better to such threats in the future, Microsoft introduced the “Emergency Mitigation” (EM) service with the cumulative updates at the end of September 2021. “Mitigations” are rules that limit the impact of discovered vulnerabilities by switching off the vulnerable functions.

Exchange servers regularly ask Microsoft's servers whether new rules are available. Should an incident like the one in March happen again, Microsoft creates a rule that the EM service automatically downloads to vulnerable Exchange servers and applies immediately. Such a rule blocks requests that come in via a certain port, for example. This lets Microsoft block vulnerable functions at the push of a button to protect servers until a security patch is available. The EM service now runs in Exchange Server 2016 and 2019. Admins can deactivate the function if they wish.


Admins still have work to do: the rules are applied automatically, but once a patch is available, they have to be switched off again manually. To keep disruption to a minimum and avoid constantly blocking functions on the Exchange server, Microsoft promises to use EM only for critical vulnerabilities.
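Because applied rules stay in place until someone removes them, it helps to list per server what EM has applied. The following is an added example, not part of the original article: the function name `Get-EmReviewList` and the sample objects are constructed for illustration, while `Get-ExchangeServer`, `Get-OrganizationConfig` and the `Mitigations*` properties come from the Exchange Management Shell.

```powershell
# Added example: summarize Emergency Mitigation (EM) state per Exchange server.
# In the Exchange Management Shell, feed it real data with:
#   Get-ExchangeServer |
#     Get-EmReviewList -OrgEnabled (Get-OrganizationConfig).MitigationsEnabled
function Get-EmReviewList {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Server,
        [bool] $OrgEnabled = $true
    )
    process {
        # Drop null/empty entries so the counts below are reliable
        $applied = @($Server.MitigationsApplied | Where-Object { $_ })
        $blocked = @($Server.MitigationsBlocked | Where-Object { $_ })

        # EM only acts on a server if it is enabled org-wide AND on that server
        $active = $OrgEnabled -and [bool]$Server.MitigationsEnabled

        $action = 'None'
        if ($applied.Count -gt 0) {
            # Applied rules are not withdrawn automatically after patching
            $action = 'Review and remove applied mitigations once patched'
        }
        elseif (-not $active) {
            $action = 'EM disabled: no automatic mitigation on this server'
        }

        [pscustomobject]@{
            Server   = $Server.Name
            EmActive = $active
            Applied  = $applied -join ', '
            Blocked  = $blocked -join ', '
            Action   = $action
        }
    }
}

# Constructed sample data (server names and mitigation IDs are placeholders)
$sample = @(
    [pscustomobject]@{ Name = 'EX01'; MitigationsEnabled = $true
                       MitigationsApplied = @('SAMPLE-M1'); MitigationsBlocked = @() }
    [pscustomobject]@{ Name = 'EX02'; MitigationsEnabled = $false
                       MitigationsApplied = @(); MitigationsBlocked = @() }
    [pscustomobject]@{ Name = 'EX03'; MitigationsEnabled = $true
                       MitigationsApplied = @(); MitigationsBlocked = @('SAMPLE-M1') }
)
$sample | Get-EmReviewList -OrgEnabled $true | Format-Table -AutoSize
```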
