Oct 31, 2025 | Ravie Lakshmanan | Vulnerability / Threat Intelligence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation.

“By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security configurations, and adopting zero trust (ZT) security model principles, organizations can significantly bolster their defenses against potential cyber attacks,” CISA said.

The agencies said malicious activity aimed at Microsoft Exchange Server continues to take place, with unprotected and misconfigured instances facing the brunt of the attacks. Organizations are advised to decommission end-of-life on-premises or hybrid Exchange servers after transitioning to Microsoft 365.


Some of the best practices outlined are listed below –

  • Maintain security updates and patching cadence
  • Migrate end-of-life Exchange servers
  • Ensure Exchange Emergency Mitigation Service remains enabled
  • Apply and maintain the Exchange Server baseline, Windows security baselines, and applicable mail client security baselines
  • Enable antivirus solution, Windows Antimalware Scan Interface (AMSI), Attack Surface Reduction (ASR), and AppLocker and App Control for Business, Endpoint Detection and Response, and Exchange Server’s anti-spam and anti-malware features
  • Restrict administrative access to the Exchange Admin Center (EAC) and remote PowerShell and apply the principle of least privilege
  • Harden authentication and encryption by configuring Transport Layer Security (TLS), HTTP Strict Transport Security (HSTS), Extended Protection (EP), Kerberos and Server Message Block (SMB) instead of NTLM, and multi-factor authentication
  • Disable remote PowerShell access by users in the Exchange Management Shell (EMS)
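The checklist above maps onto settings an administrator can read back from the server. The following audit script is an added example, not part of the CISA/NSA guidance or of Microsoft's tooling; it assumes it is run from the Exchange Management Shell on an Exchange 2016/2019 build that supports the Emergency Mitigation Service and AMSI integration, and it only reads configuration (the remediation cmdlets it prints are left for the operator to review and run).

```powershell
# Assumption: run in the Exchange Management Shell with View-Only Organization Management rights.
# Read-only audit of three items from the hardening checklist: EEMS, AMSI overrides, remote PowerShell.

$findings = @()

# 1. Exchange Emergency Mitigation Service must stay enabled at org and server level.
$org = Get-OrganizationConfig
if (-not $org.MitigationsEnabled) {
    $findings += "EEMS disabled at organization level; fix: Set-OrganizationConfig -MitigationsEnabled `$true"
}
foreach ($srv in Get-ExchangeServer) {
    if (-not $srv.MitigationsEnabled) {
        $findings += "EEMS disabled on $($srv.Name); fix: Set-ExchangeServer -Identity $($srv.Name) -MitigationsEnabled `$true"
    }
}

# 2. AMSI request scanning is turned off through a setting override on Component Cafe /
#    Section HttpRequestFiltering with Enabled=False; any such override is a finding.
$amsiOverrides = Get-SettingOverride | Where-Object {
    $_.Section -eq 'HttpRequestFiltering' -and ($_.Parameters -contains 'Enabled=False')
}
foreach ($o in $amsiOverrides) {
    $findings += "AMSI disabled by override '$($o.Name)' (reason: $($o.Reason)); fix: Remove-SettingOverride -Identity '$($o.Name)'"
}

# 3. Remote PowerShell should be enabled only for accounts that administer Exchange.
#    Here 'administrator' means membership in the Organization Management role group.
$admins = (Get-RoleGroupMember 'Organization Management' | Select-Object -ExpandProperty Name)
$rpsUsers = Get-User -ResultSize Unlimited -Filter "RemotePowerShellEnabled -eq `$true"
foreach ($u in $rpsUsers) {
    if ($admins -notcontains $u.Name) {
        $findings += "Remote PowerShell enabled for non-admin '$($u.Name)'; fix: Set-User -Identity '$($u.Name)' -RemotePowerShellEnabled `$false"
    }
}

# Report. Exit code 1 signals findings so the script can run from a scheduled compliance job.
if ($findings.Count -eq 0) {
    Write-Output 'No findings: EEMS on, no AMSI override, remote PowerShell limited to admins.'
    exit 0
}
$findings | ForEach-Object { Write-Output "FINDING: $_" }
exit 1
```

Role-group membership is a coarse proxy for "administrator"; sites that delegate through custom role groups should extend the `$admins` list accordingly before acting on the remote PowerShell findings.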

“Securing Exchange servers is essential for maintaining the integrity and confidentiality of enterprise communications and functions,” the agencies noted. “Continuously evaluating and hardening the cybersecurity posture of these communication servers is critical to staying ahead of evolving cyber threats and ensuring robust protection of Exchange as part of the operational core of many organizations.”

CISA Updates CVE-2025-59287 Alert

The guidance comes a day after CISA updated its alert to include additional information related to CVE-2025-59287, a newly re-patched security flaw in the Windows Server Update Services (WSUS) component that could result in remote code execution.

The agency is recommending that organizations identify servers that are susceptible to exploitation, apply the out-of-band security update released by Microsoft, and investigate signs of threat activity on their networks –

  • Monitor and vet suspicious activity and child processes spawned with SYSTEM-level permissions, particularly those originating from…


Last Update: October 31, 2025