"The guidance states admins should treat on-prem Exchange servers as being "under imminent threat," and itemizes key practices for admins: First, it notes, "the most effective defense against exploitation is ensuring all Exchange servers are running the latest version and Cumulative Update (CU)"; It points out that Microsoft Exchange Server Subscription Edition (SE) is the sole supported on-premises version of Exchange, since Microsoft ended support for previous versions on October 14, 2025; It urges admins to ensure Microsoft's Emergency Mitigation Service remains enabled for delivery of interim mitigations; Maintaining a security baseline enables administrators to identify non-conforming systems and those with incorrect security configurations, as well as allowing them to perform rapid remediation that reduces the attack surface available to an adversary;"
"It advises admins to enable built-in protection like Microsoft Defender Antivirus and other Windows features if they aren't using third party security software. Application Control for Windows (App Control for Business and AppLocker) is an important security feature that strengthens the security of Exchange servers by controlling the execution of executable content, the advice adds; It urges admins to make sure only authorized, dedicated administrative workstations should be permitted to access Exchange administrative environments, including via remote PowerShell; It tells admins to make sure to harden authentication and encryption for identity verification; It advises that Extended Protection (EP) be configured with consistent TLS settings and NTLM configurations. These make EP operate correctly across multiple Exchange servers; It advises admins to ensure that the default setting for the P2 FROM header is enabled, to detect header manipulation and spoofing;"
Treat on-premises Exchange servers as under imminent threat and prioritize immediate remediation. Ensure all Exchange servers run the latest version and Cumulative Update (CU). Use Microsoft Exchange Server Subscription Edition (SE) as the supported on-premises version after prior versions reached end of support on October 14, 2025. Keep Microsoft's Emergency Mitigation Service enabled for interim mitigations. Establish and maintain a security baseline for Exchange Server, mail clients, and Windows to detect misconfigurations and enable rapid remediation. Enable built-in protections like Microsoft Defender Antivirus and Application Control (App Control for Business or AppLocker) when third-party security is not in use. Restrict Exchange administrative access to authorized dedicated administrative workstations, harden authentication and encryption, configure Extended Protection with consistent TLS and NTLM settings, and ensure the default P2 FROM header is enabled to detect header manipulation and spoofing.
Read at Computerworld
Unable to calculate read time
Collection
[
|
...
]