Microsoft is going to lengths to try and stop harmful emails from being distributed via its Exchange servers.
In a new blog post (opens in new tab), Microsoft’s Exchange team said it would be introducing a new feature which will first throttle, and then block, all emails sent from “persistently vulnerable Exchange servers”.
Microsoft defines these at-risk entities as, “Any Exchange server that has reached end of life (e.g., Exchange 2007, Exchange 2010, and soon, Exchange 2013), or remains unpatched for known vulnerabilities…for example, Exchange 2016 and Exchange 2019 servers that are significantly behind on security updates are considered persistently vulnerable.”
Securing the environment
The company says it will start throttling emails tThree months (90 days) after the server’s administrators get the notification that their Exchange servers are outdated and require attention.
For Microsoft, this is all about “securing the environment” and protecting Exchange Online recipients.
“Our goal is to help customers secure their environment, wherever they choose to run Exchange,” the Exchange team said in its announcement. “The enforcement system is designed to alert admins about security risks in their environment, and to protect Exchange Online recipients from potentially malicious messages sent from persistently vulnerable Exchange servers.”
The process will be gradual, the team explained. First, a few emails will be throttled, then a few more, than a few will be blocked, then a few more, until eventually the admins either patch their endpoints, or experience all of the outgoing emails being blocked.
When will the new feature kick off? For some servers, it already has. Microsoft explained it is now starting with a “very small subset” of outdated servers: Exchange 2007 connected to Exchange Online over an inbound connector type of OnPremises.
“We have specifically chosen to start with Exchange 2007 because it is the oldest version of Exchange from which you can migrate in a hybrid configuration to Exchange Online, and because these servers are managed by customers we can identify and with whom we have an existing relationship,” the team concluded.
Via: BleepingComputer (opens in new tab)