Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads.
« Attackers looking to exploit unpatched Exchange servers are not going to go away, » the tech giant’s Exchange Team said in a post. « There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts. »
Microsoft also emphasized mitigations issued by the company are only a stopgap solution and that they can « become insufficient to protect against all variations of an attack, » necessitating that users install necessary security updates to secure the servers.
Exchange Server has been proven to be a lucrative attack vector in recent years, what with a number of security flaws in the software weaponized as zero-days to hack into systems.
In the past two years alone, several sets of vulnerabilities have been discovered in Exchange Server – including ProxyLogon, ProxyOracle, ProxyShell, ProxyToken, ProxyNotShell, and a ProxyNotShell mitigation bypass known as OWASSRF – some of which have come under widespread exploitation in the wild.
Bitdefender, in a technical advisory published this week, described Exchange as an « ideal target, » while also chronicling some of the real-world attacks involving the ProxyNotShell / OWASSRF exploit chains since late November 2022.