Securing Microsoft Exchange Server – Defencing Exchange Server
Though many Exchange Admins are good at securing their Exchange Server from Vulnerabilities.
But still, an admin has to keep many things in mind.
As you are aware of recent on-premises Microsoft Exchange attacks
Though Exchange Online is completely safe and has no impact of this attack.
So, you should, check your on-premises Exchange for Vulnerabilities & patch them as soon as possible.
To recommend the up-gradation to the latest version of Microsoft Exchange.
In this context, Microsoft provides some different techniques to users who are not able to update their software quickly.
However, These updates do not assure complete safety against virus attacks.
So, depending on the organization’s needs, users can opt for any of the mitigation strategies.
Microsoft Exchange Server Mitigation
There are some mitigations mentioned below that have good protection against the attack.
These up-gradations would not come up with an adversary to the users who have not compromised with the server.
Until the Exchange servers are not fully patched these types of servers can be used on a temporary basis. Hence these mitigations are as follows:
- Exchange Mitigations
- Backend cookie Mitigation
- Unified Messaging Mitigation
- ECP Application Pool Mitigation
- OAB Application Pool Mitigation
One-Click Microsoft Exchange On-Premises Mitigation Tool
Microsoft has been working seriously and helps in securing exchange server on-premises via the one-click tool.
This one-click mitigation tool for exchange download the necessary dependencies and runs the Microsoft Safety Scanner.
This method is the quickest method to mitigate your exchange server before patching.
Microsoft provides the new one-click tool for securing the exchange server.
Download the one-click mitigation tool EOMT
This tool detects if your server is vulnerable & mitigate it if found vulnerable
Requirements to run the Exchange On-premises Mitigation Tool
- External Internet Connection from your Exchange server (required to download the Microsoft Safety Scanner and the IIS URL Rewrite Module).
- PowerShell script must be run as Administrator.
- PowerShell 3 or later
- IIS 7.5 and later
- Exchange 2013, 2016, or 2019
- Windows Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, Server 2019
Additional Hunting & Investigation Techniques.
- Nmap Script To scan For CVE-2021-26855
This is used for the validation of the patch and also checks the status of mitigation towards the servers which are exposed.
This also checks whether the specific URL is vulnerable to the SSRF.
The signs of the proxy login compromise check targeted exchange servers.
- Microsoft Support Emergency Response Tool (MSERT)
This is to scan the Microsoft exchange server.
Here are some steps to install the same:-
- From Microsoft safety scanner the users can download MSERT.
- The End User License Agreement should be read and agreed upon by the customer. And then click ‘next’.
- To do the customized scan or full scan is a choice that can be opted by the customer.
Avoid Issues While Manually Updating Exchange Server
- When the users try to manually update the software by double-clicking on it, then some files may not be completely updated.
- After the update process is completed, if there is an error during the completion then there won’t be any notification or a message of the same. However, the outlook or ECP may stop working.
- The security update doesn’t rightly stop some of the services related to exchange. It also generated issues for some (UAC) User Account Control.
Note: This issue does not occur if the customer installs the update through Microsoft Update.
Updating Exchange Server
- Type CMD after selecting ‘Start’.
- Select Run as Administrator after right-clicking the Command Prompt. This process is to be carried out in results.
- Verification of the default action is the action that the users want and he or she can verify after the appearance of User Account Control. After the selection then click on continue.
- Press enter after typing the full path of the MSP file.
Steps to follow for updating Exchange Server
Method 1: Microsoft Update: This can be done by windows update. This is an automatic process if the automatic update option is on.
Method 2: Microsoft Update Catalog: Microsoft Update Catalog website should be gone through to get the benefit of the standalone package for the updates.
Method 3: Microsoft Download Centre: Through the Microsoft Download center the customers can get the benefits of a standalone update package.
After following the above-given steps, the users can get the necessary services are restarted automatically after the application of this update.
After the installation of these security updates, services related to Exchange might remain in the disabled state.
This state does not mean that the update is not installed in the wrong way.
Therefore, to fix the above issues, open service manager to restore the start-up type services to automatic.
Please find the security update for Microsoft Exchange Server 2013, 2016, 2019 and download it from the Microsoft download center
Moreover, if you face any issue while updating or running the Mitigation Tool while securing the exchange server.
Feel free to contact me at info@techijack for free help assistance.