Emails from outdated or unpatched Exchange Servers will be blocked
If you don't update, you won't be able to send out emails anymore
- Not updating or upgrading can seem comfortable, but it's not at all recommended.
- Microsoft will now protect against unsupported, unpatched Exchange Servers.
- If you haven't upgraded to a newer version, your emails will be immediately blocked.
As you are probably aware, Exchange Servers have come under attack on several occasions in the recent past.
We’ve covered cases in which vulnerabilities have been exploited in order to extract information or sums of money from unsuspecting victims.
You can check some of the fixes applied through the last Patch Tuesday rollout and see what you have to worry about and what not to worry about.
Some of the above-mentioned scenarios include the Hive windows.exe ransomware case from 2022, followed by a couple of 0-day attacks later in the year, among others.
The situation is about to change pretty soon, as Microsoft is planning on taking some extra security measures.
Microsoft is tightening the security belt around its products
In order to improve security, earlier this year, Microsoft recommended removing certain objects from the exclusion list. This followed January’s update which improved PowerShell payload security.
Today, however, Microsoft has updated a Tech Community blog post where it has shared details on how it is protecting against unsupported, unpatched Exchange Servers.
These server versions are the most vulnerable category since they no longer receive updates, including those for security.
The Redmond tech giant says that it is enabling a transport-based enforcement system (TES) in Exchange Online.
In case you are wondering how a transport-based enforcement system functions, it basically throttles or delays emails from unpatched servers until those servers are remediated.
If the vulnerable server is not upgraded, its email flow will consequently be blocked, to avoid future problems.
Thus, to efficiently address this problem, Microsoft is enabling a transport-based enforcement system in Exchange Online that has three primary functions: reporting, throttling, and blocking.
Keep in mind that the system was designed to alert an admin about unsupported or unpatched Exchange servers in their on-premises environment that need remediation (upgrading or patching).
Furthermore, it also has throttling and blocking capabilities, so if a server is not remediated, mail flow from that server will be throttled (delayed) and eventually blocked.
Microsoft doesn’t want to delay or block legitimate emails, but it does want to reduce the risk of malicious emails entering Exchange Online by putting in place safeguards and standards for email entering its cloud service.