Microsoft is stepping up its efforts to prevent hazardous emails

Published March 30, 2023
Author: Ash Khan

Microsoft is launching a new Exchange Online security feature. Emails sent from “persistently vulnerable Exchange servers” are likely to be throttled and eventually stopped 90 days after administrators are notified to secure them.

These Exchange servers are found in on-premises or hybrid environments. They are either running out-of-date software or have not had known security flaws fixed.

The Exchange Team defines a persistently vulnerable server as any Exchange server that has reached end of life or is not fixed for known flaws. End-of-life versions include Exchange 2007, Exchange 2010, and shortly, Exchange 2013.

For instance, computers running Exchange 2016 and 2019 that are considerably behind on security updates are also considered persistently vulnerable.

According to Microsoft, the parent company of Office 365, the new Exchange Online feature is a transport-based enforcement system that performs three separate tasks: reporting, throttling, and stopping.

The main objective of the new system is to help Exchange administrators find on-premises Exchange servers that are not updated or maintained, so that they can replace or patch them before they pose a security risk.

In addition, mail sent to Exchange Online mailboxes from unfixed Exchange servers can be throttled and eventually stopped.

This new enforcement mechanism will only work on Exchange Server 2007 servers, using On-Premises connectors, so that it can be tested before being rolled out to all Exchange versions, regardless of how they connect to Exchange Online.

According to Redmond, it is adopting a gradual approach that progressively intensifies restrictions, filtering email until all emails sent from exposed servers are turned down.

Securing your mailbox environment


The objective of these enforcement measures is to gradually escalate the seriousness of the situation until the susceptible Exchange servers are patched or, for end-of-life versions, removed from operation.

The Microsoft 365 Office Team aims to help customers secure their environments, wherever they choose to run Exchange.

The enforcement system is designed to warn administrators about email security risks in their environment. It also shields Exchange Online recipients from potentially malicious messages sent from persistently vulnerable Exchange servers.

For some administrators, preventing emails from susceptible servers in their environment from being automatically stopped may be an additional incentive to continue keeping end users safe from possible attacks.

This statement follows a call to action from Microsoft in January, in which the company encouraged users to always deploy the recently approved Cumulative Update to their on-premises Exchange servers, so that the servers stay current and are prepared for upcoming emergency security patches.

Additionally, Microsoft 365 urged administrators to immediately apply the most recent patches to Exchange servers after releasing urgent out-of-band security updates to address the ProxyLogon flaws, which were leveraged in attacks months before the formal patches were made available.

Two months after the report of exploitation in the wild, Microsoft patched another collection of Exchange RCE vulnerabilities known as ProxyNotShell.

A Shodan scan still reveals thousands of Exchange servers that are accessible via the Internet. They need to be protected from attacks that use ProxyLogon and ProxyShell, the most commonly used vulnerabilities in 2021.