Microsoft Exchange Servers getting extended protection
Microsoft has recently revealed that systems utilizing Exchange Server 2019 will soon benefit from an enhanced level of security.
Microsoft has officially confirmed the forthcoming introduction of Windows Extended Protection (EP) on these servers, providing a brief update on the matter. Starting with the installation of the H2 2023 Cumulative Update (CU14), the feature will be automatically enabled as the default setting.
What does H2 2023 Cumulative Update involve?
Extended Protection aims to enhance the authentication functionality of Windows Server, thereby providing stronger protection against man-in-the-middle (MitM) attacks.
"Today, we wanted to let you know that starting with the 2023 H2 Cumulative Update (CU) for Exchange Server 2019 (aka CU14), EP will be enabled by default when CU14 (or later) is installed. Exchange Server 2019 is currently in Mainstream Support and is the only version that still gets CUs," Microsoft stated.
A new option lets IT teams opt out of this feature when using the command-line CU installer.
Microsoft has outlined its recommended course of action based on the security updates already installed on the endpoints.
Users with the August 2022 SU or later and EP already enabled: a straightforward CU14 installation.
Users with the August 2022 SU or later, but EP not yet enabled: if you have installed the August 2022 Security Update or a more recent version but have not yet enabled the EP feature, installing CU14 is highly recommended. Note that the default setting for this installation includes the 'Enable EP' feature.
Users who are currently operating Exchange Server versions prior to the August 2022 Security Update (SU) are strongly recommended to promptly upgrade their servers to the most recent SU.
Exchange Server received a crucial upgrade in August 2022 with the introduction of Extended Protection. In the past, Microsoft informed IT teams that certain vulnerabilities would require the activation of specific features. A script was deployed that can automatically enable or disable EP, and this script continues to function effectively even on endpoints that have undergone subsequent updates.
"We recommend that all customers enable EP in their environment. If your servers are running the August 2022 SU or later SU, then they already support EP. If you have any servers older than the August 2022 SU, then your servers are considered persistently vulnerable and should be updated immediately," Microsoft said.
"Further, if you have any Exchange servers older than the August 2022 SU, you will break server-to-server communication with servers that have EP enabled," the company added.