Black Arrow Cyber Advisory 29 March 2023 – Microsoft Exchange Online to Start Blocking Emails from Vulnerable On-premises Servers
Executive Summary
Microsoft recently announced their intention to address the risks that stem from emails being sent to Exchange Online from unsupported or unpatched on-premises Microsoft Exchange servers and as a result are now taking a progressive enforcement approach. The approach will begin by throttling messages and escalate, eventually blocking servers until they are removed from service or updated. The enforcement approach will take 90 days from start to finish, once an in scope out of date server is detected. The Exchange team confirmed in the comments of the announcement that the report detailing affected servers will be available within private preview towards the end of April 2023. In May 2023 the first wave of affected customers will see the report, with throttling of inbound messages to Exchange Online starting in June, and blocking of inbound messages in July. The approach is focusing on a small subset of outdated Exchange 2007 servers at current, however Microsoft have stated that this will apply to all on-premises servers in the future.
What’s the risk to me or my business?
An unpatched or unsupported on-premise exchange server is already at significant risk of compromise and after 90 days from initial detection, it will no longer be able to communicate with Exchange Online. Organisations using unpatched or unsupported on-premise servers would be unable to send emails to accounts hosted with Exchange Online, impacting how users can communicate with third parties.
What can I do?
Thankfully, the risks can easily be mitigated by only using supported versions of Exchange and servers operating systems and applying patches in a reasonable time frame; Microsoft have allocated 90 days from initial detection by Exchange Online to administrators each year, to pause throttling and or blocking so that servers can be remediated.
The announcement by Microsoft can be found here: Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online - Microsoft Community Hub
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity