(CTN News) – Following the installation of the 2023 H2 Cumulative Update (CU14), Microsoft announced today that Windows Extended Protection will be enabled by default on servers running Exchange Server 2019.
Extended Protection (EP) enhances Windows Server authentication to prevent authentication relay and “man in the middle” attacks.
Starting with the 2023 H2 Cumulative Update (CU) for Exchange Server 2019 (aka CU14), EP will be enabled by default when CU14 (or later) is installed.
A CU is still being released for Microsoft Exchange Server 2019 because it is in Mainstream Support.
CU14 will enable EP on all Exchange servers after deployment, but administrators can opt out using the command-line CU installer (the GUI version opts in automatically, whereas unattended installers require customization).
Depending on the security update you have installed, Microsoft recommends the following:
If you have the Aug 2022 SU or later installed and EP enabled: Install CU14 (no special steps required).
If you have the Aug 2022 SU or later installed, but EP has not yet been enabled: Install CU14 with the default setting of ‘Enable EP’ left in place.
If you are running a version of Exchange Server older than the Aug 2022 SU: “We send you our thoughts and prayers, along with very strong, yet gentle directions to update your servers as soon as possible.”
As part of last year’s August security updates, Microsoft added EP support to Exchange Server, and warned administrators that some vulnerabilities would require them to enable EP on impacted servers if they wanted to fully block attacks.
As a result, Microsoft has developed a dedicated script that automates turning EP on and off across an entire organization; the script updates itself automatically with the latest fixes as soon as they are released.
Microsoft recommends that all customers enable EP in their environments. If your servers are running the August 2022 SU or a later SU, then they already support EP.
You are advised to update your servers as soon as possible if they are older than the August 2022 SU.
Additionally, if you have any Exchange servers older than the August 2022 SU, you will be unable to communicate with Exchange servers that have EP enabled.
In January, Microsoft urged customers to keep their on-premises Exchange servers up to date by installing the latest Cumulative Updates (CU), so that they are always prepared to deploy emergency security patches.
Financially motivated cybercriminal groups like FIN7 have developed an attack platform specifically designed to penetrate Exchange servers.
FIN7’s Checkmarks platform has been used to breach the networks of over 8,000 companies, primarily in the United States, after scanning over 1.8 million targets, according to threat intelligence firm Prodaft.