Microsoft has started an emergency mitigation service that protects Exchange servers until a permanent fix is available. The new feature is being introduced in response to persistent security problems.
This is reported by The Record. Microsoft is adding a new function to Exchange servers that makes it possible to deliver temporary emergency fixes at any time. The rollout of the so-called Emergency Mitigation Service (EM) started a few days ago. The new security feature for Exchange email servers is being introduced because these servers have been the focus of several major hacking campaigns over the past two years. The feature automatically installs temporary mitigations that block active exploitation of vulnerabilities until Microsoft is ready to release official patches. Administrators will then have to deploy these patches as usual.
The cumulative updates from September are required
By default, the EM service will be enabled on all Exchange servers once the September 2021 Cumulative Updates (CUs) for Exchange servers are installed. The update is a prerequisite for receiving the EM service. The emergency function was originally supposed to launch in mid-September, but the release was delayed due to new vulnerabilities.
Under the hood, the service works automatically by establishing a connection to the Office Config Service (OCS) and downloading mitigations (in the form of XML rules) from the following URL: officeclient.microsoft.com/getexchangemitigations
The mitigations include three types of configuration changes:
- IIS URL Rewrite rule mitigation: A rule that blocks certain patterns of malicious HTTP requests that can compromise an Exchange server.
- Exchange service mitigation: Disables a vulnerable service on an Exchange server.
- App Pool mitigation: Deactivates a vulnerable app pool on an Exchange server.
As soon as Microsoft detects a new attack, the security team will distribute temporary mitigations via EM to all Exchange servers worldwide and start working on a software patch.
Deactivation of the service
“Since remedies can be published at any time in the future, we have decided to let the EM service search for remedies every hour,” explained the Microsoft Exchange team. For Exchange servers installed in highly secure environments, Microsoft also offers a way to disable the EM service so that administrators can apply mitigation measures manually or with the Exchange On-premises Mitigation Tool (EOMT).
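To check where the EM service is actually in effect, or to switch it off deliberately, the following added example (not from the article and not Microsoft's own script) audits every server from the Exchange Management Shell. It assumes the September 2021 CU or later; the `Mitigations*` properties and the `MSExchangeMitigation` service name come from Exchange itself rather than from the article, and `EXCH01` is a placeholder.

```powershell
# Added example: audit Emergency Mitigation (EM) service state per server.
# Assumption: run in the Exchange Management Shell (Windows PowerShell) on a
# server with the September 2021 CU or later installed.

# Organization-wide switch: if this is $false, no server applies mitigations.
$orgEnabled = [bool](Get-OrganizationConfig).MitigationsEnabled

$report = foreach ($server in Get-ExchangeServer) {
    # Per-server switch; a missing value (older build) is treated as disabled.
    $serverEnabled = [bool]$server.MitigationsEnabled

    # Windows service that polls OCS for new mitigations.
    $svc = Get-Service -ComputerName $server.Fqdn -Name MSExchangeMitigation `
                       -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Server        = $server.Name
        OrgEnabled    = $orgEnabled
        ServerEnabled = $serverEnabled
        # EM only acts when both the organization and the server allow it.
        Effective     = ($orgEnabled -and $serverEnabled)
        ServiceState  = if ($svc) { $svc.Status } else { 'NotFound' }
        Applied       = @($server.MitigationsApplied) -join ','
        Blocked       = @($server.MitigationsBlocked) -join ','
    }
}

$report | Format-Table -AutoSize

# Servers without working EM coverage: these rely on manual mitigation (e.g. EOMT).
$report | Where-Object { -not $_.Effective -or $_.ServiceState -ne 'Running' } |
    Select-Object Server, Effective, ServiceState

# To disable EM on purpose (highly secured environments), uncomment one line:
# Set-OrganizationConfig -MitigationsEnabled $false                 # whole organization
# Set-ExchangeServer -Identity 'EXCH01' -MitigationsEnabled $false  # single server (placeholder name)
```

Servers listed by the second query receive no automatic mitigations, so they need the manual process described above until the official patch is installed.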
Brian is the news author at Research Snipers which mainly covers Technology News, Microsoft News, Google News, Facebook, Apple, Huawei, Xiaomi, and other tech news.