Microsoft is getting tough on blocking potentially harmful emails

News
By Sead Fadilpašić
published

Patch your servers, or else, says Microsoft

A laptop showing lots of email notifications
(Image credit: Shutterstock)

Microsoft is going to lengths to try and stop harmful emails from being distributed via its Exchange servers. 

In a new blog post, Microsoft’s Exchange team said it would be introducing a new feature which will first throttle, and then block, all emails sent from “persistently vulnerable Exchange servers”.

Microsoft defines these at-risk entities as, "Any Exchange server that has reached end of life (e.g., Exchange 2007, Exchange 2010, and soon, Exchange 2013), or remains unpatched for known vulnerabilities...for example, Exchange 2016 and Exchange 2019 servers that are significantly behind on security updates are considered persistently vulnerable."

Securing the environment

The company says it will start throttling emails tThree months (90 days) after the server’s administrators get the notification that their Exchange servers are outdated and require attention. 

For Microsoft, this is all about “securing the environment” and protecting Exchange Online recipients. 

"Our goal is to help customers secure their environment, wherever they choose to run Exchange," the Exchange team said in its announcement. "The enforcement system is designed to alert admins about security risks in their environment, and to protect Exchange Online recipients from potentially malicious messages sent from persistently vulnerable Exchange servers."

Read more

> Thousands of Microsoft Exchange servers are still vulnerable to this dangerous flaw

> A new Microsoft Exchange flaw is being used to attack servers

> These are the best firewalls today

The process will be gradual, the team explained. First, a few emails will be throttled, then a few more, than a few will be blocked, then a few more, until eventually the admins either patch their endpoints, or experience all of the outgoing emails being blocked. 

When will the new feature kick off? For some servers, it already has. Microsoft explained it is now starting with a “very small subset” of outdated servers: Exchange 2007 connected to Exchange Online over an inbound connector type of OnPremises.

“We have specifically chosen to start with Exchange 2007 because it is the oldest version of Exchange from which you can migrate in a hybrid configuration to Exchange Online, and because these servers are managed by customers we can identify and with whom we have an existing relationship,” the team concluded.

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.