On-Premise Microsoft Exchange Server — Zero-Day Vulnerability

“On-Premise” usually refers to keeping physical server(s) within the company. Although many are quick to look to this as the best solution however, it is recommended on exceptional cases only and it is not always the best solution.

Advantages:

– The hardware and data belongs to the business with full control.

– In-house Exchange Server enables simpler integration to external systems that will work with MS Exchange. Examples: File-Smart & Mail-Store, etc.

– Server updates, re-starts, backups and shutdowns can be controlled and conducted at a time convenient to the business.

– Upgrades and Server configuration changes can be applied to the infrastructure at a time that is convenient to the business.

– Complete email archiving together with sophisticated search facilities.

– Public Folders allowing the sharing of one Mailbox to all users.

– Supports ability to configure multi-level and high- level security.

Disadvantages:

– Hardware maintenance and issues become the responsibility of the business to resolve.

– Large initial investment in Hardware, Software and associated Licensing.

– Server Maintenance requires approximately 2–4 hours per month, more than the cloud solution.

– Additional IT skills will be required to Support the Exchange Server and associated infrastructure.

– Reliability & Uptime of internally hosted Exchange Server is completely dependent on the Exchange Server configuration and the level of investment in infrastructure to successfully host an Exchange Server.

New Vulnerabilities

Microsoft recently contacted partners to alert us of an on-premise Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group. The vulnerabilities exist in on-premises Exchange Servers 2013, 2016, and 2019. Exchange Online is not affected.

Immediate action recommended by Microsoft to drive remediation steps and they include:

  • Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments you have at your business, are hosting and managing for a customer.
  • The first priority are servers that are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).
  • To patch vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
  • You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release).
  • Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010).
  • We also recommend that your security team assess whether or not the vulnerabilities are being exploited by using the Indicators of Compromise we shared on this link.
  • Please see the list of resources below for more information.

Resources — Exchange patch information

Contact us if you require help with your on-premise Microsoft Exchange server or any other Microsoft Product.

info@gigasecintl.com | 0815 444 2732

We design solutions that enable our clients monitor and control assets and resources in the field from anywhere leveraging on Internet Protocol Technology.