CISA, the National Security Agency and international partners have issued a new guide to help businesses protect their on-premises Exchange servers against cyberthreats.
Many organizations rely on Microsoft Exchange as their primary method of business communication, making the service an attractive target for cybercriminals.
The newly published guide includes recommendations to help organizations proactively protect sensitive information and prevent the exploitation of misconfigurations in their Exchange environments.
These include hardening user authentication and access security, implementing strong network encryption, and minimizing application attack surfaces.
This builds on CISA’s emergency directive 25-02, Mitigate Microsoft Exchange Vulnerability, which was published earlier this year.
The authoring agencies recommend that organizations that have transitioned to Microsoft 365 decommission end-of-life Exchange servers, such as versions 2016 and 2019, as these versions are now at a “heightened risk of compromise”.
The additional risk lies in the fact that Microsoft no longer provides bug fixes or security updates for these versions. Despite this, they’re often left to run unmonitored in an organization’s environment long after the business has migrated to another service, such as the latest on-premises version, Microsoft 365, or Exchange Online.
Attackers can then leverage security flaws within these unmonitored, unused versions as a means of compromising an organization’s network.
“With the threat to Exchange servers remaining persistent, enforcing a prevention posture and adhering to these best practices is crucial for safeguarding our critical communication systems,” said Nick Andersen, Executive Assistant Director for the Cybersecurity Division at CISA.
“This guidance empowers organizations to proactively mitigate threats, protect enterprise assets, and ensure the resilience of their operations.”