CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers
Briefly

"By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security configurations, and adopting zero trust (ZT) security model principles, organizations can significantly bolster their defenses against potential cyber attacks," CISA said. The agencies said malicious activity aimed at Microsoft Exchange Server continues to take place, with unprotected and misconfigured instances facing the brunt of the attacks. Organizations are advised to decommission end-of-life on-premises or hybrid Exchange servers after transitioning to Microsoft 365.
"Enable antivirus solution, Windows Antimalware Scan Interface (AMSI), Attack Surface Reduction (ASR), and AppLocker and App Control for Business, Endpoint Detection and Response, and Exchange Server's anti-spam and anti-malware features."
"Restrict administrative access to the Exchange Admin Center (EAC) and remote PowerShell and apply the principle of least privilege."
"Harden authentication and encryption by configuring Transport Layer Security (TLS), HTTP Strict Transport Security (HSTS), Extended Protection (EP), Kerberos and Server Message Block (SMB) instead of NTLM, and multi-factor authentication."
CISA and NSA, together with partners from Australia and Canada, issued recommendations to harden on-premises Microsoft Exchange Server instances against ongoing exploitation. Recommendations include maintaining timely security updates, migrating or decommissioning end-of-life Exchange servers after transitioning to Microsoft 365, and keeping the Exchange Emergency Mitigation Service enabled. Organizations should apply Exchange Server and Windows security baselines, enable antivirus, AMSI, ASR, AppLocker/App Control, EDR, and Exchange anti-spam/anti-malware features. Restrict administrative access to the Exchange Admin Center and remote PowerShell, enforce least privilege, disable remote PowerShell for users in EMS, and harden authentication and encryption with TLS, HSTS, Extended Protection, Kerberos, SMB, and multifactor authentication.
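Two of the items above (restricting remote PowerShell to administrators and retiring legacy TLS) can be audited from the Exchange Management Shell. The script below is an added example, not part of the advisory or of Microsoft's tooling; it assumes the Exchange cmdlets are loaded, that the operator holds the RBAC roles for Get-User/Set-User, and that the admin role group name passed in ($AdminGroup) is correct for the environment.

```powershell
# Added example (not from the advisory): audit two Exchange hardening items.
# Assumes an Exchange Management Shell session with rights for Get-User/Set-User.
param(
    [string]$AdminGroup = 'Organization Management',   # assumed admin role group name
    [switch]$Remediate                                  # nothing is changed unless set
)

# 1. Remote PowerShell: list users who still have it enabled but are not members
#    of the admin role group; clear the flag only when -Remediate is given.
$admins  = Get-RoleGroupMember -Identity $AdminGroup | Select-Object -ExpandProperty Name
$enabled = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true'

foreach ($u in $enabled) {
    if ($admins -contains $u.Name) { continue }      # administrators keep access
    Write-Output ("Remote PowerShell enabled for non-admin: {0}" -f $u.Identity)
    if ($Remediate) {
        Set-User -Identity $u.Identity -RemotePowerShellEnabled $false
    }
}

# 2. Legacy TLS: read the SCHANNEL server-side keys for TLS 1.0 and 1.1 on this host.
#    A missing key means the OS default applies, so report "default" instead of guessing.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($proto in 'TLS 1.0', 'TLS 1.1') {
    $key   = Join-Path $base "$proto\Server"
    $state = 'default'
    if (Test-Path $key) {
        $v = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        if ($null -ne $v) { $state = if ($v -eq 0) { 'disabled' } else { 'enabled' } }
    }
    Write-Output ("{0} server-side: {1}" -f $proto, $state)
}
```

Run it without -Remediate first to review the list; the TLS check reads only the local server's registry, so repeat it on each Exchange host.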
Read at The Hacker News