Velocity Group Blog

Exchange Zero Day Exploits Explained

Written by Garth Elston | Oct 10, 2022 7:15:00 AM

For decades Microsoft Exchange Server has been the go-to solution for enterprise email. Many organisations have embraced cloud-native solutions, and Exchange Online was for many the gateway to their Microsoft 365 journey, yet despite rapid cloud adoption, many organisations today still rely on their on-premises Exchange environment, whether it is the only link in their email delivery solution or part of a hybrid cloud solution. It is no wonder, then, that terms like "Exchange zero-day exploit" doing the rounds may lead many to wonder just what is going on.

Zero-Day Exploits: How And Why

As business needs have evolved, the tools you use have had to keep up. Exchange is no exception: over the years it has received regular upgrades and architecture overhauls to meet the needs of businesses today, and it has become a smarter and stronger animal. Unfortunately, as with any software that has evolved and implemented new features, this means there are more nooks, crannies and corners for vulnerabilities or unexpected behaviours to hide in.

Today there are also more and more "bad actors" actively looking for vulnerabilities and ways to exploit them. These bad actors are either in it for commercial gain, for nefarious reasons (think political and digital terrorism), or just to show the world how smart and skilled they are.

All these forces working together lead to a situation like the one being faced now: people have figured out how to use the functionality in Exchange servers to either gain access to our data or run malicious code on our systems.

Microsoft Exchange Online has detections and mitigations in place to protect customers, and customers who have fully migrated to the cloud do not need to take any action. However, this is not the bulk of customers: those who still run an on-premises Exchange server (and this includes Hybrid or CAS deployments) should not underestimate the risk that these vulnerabilities pose.

What Is The Answer?

Unfortunately, we cannot simply put your Exchange servers behind firewalls and close off all access from the outside. Doing that would cut off critical functionality that you have come to rely on and would seriously impact your ability to continue doing business.

While migrating all mailboxes to the cloud would be the "simple" solution, for many organisations that just is not a viable option. The supported way to manage an Exchange Online environment still dictates an on-premises server, and whether it is legacy application dependencies, regulatory restrictions, budgetary concerns, or any other reason your business cannot lift and shift to the cloud, that does not mean there is nothing that can be done to improve the security of your Exchange environment and mitigate the risks.

Fortunately, there are now also more security researchers than ever proactively looking for these vulnerabilities, searching for the "ghosts in the code". These "white hat" hackers have provided guidance on steps that can be taken to mitigate certain risks around the current zero-day exploits.

Just as Exchange has evolved, other technologies have also evolved over time, and you can use these technologies in conjunction with your existing Exchange environment to improve security and add additional layers (such as multi-factor authentication) in front of it.

Conclusion

As the old saying goes, the night is always darkest just before the dawn. You may feel like you are in the darkest part of the security "night", but there is no need to feel like the darkness is closing in on you and your Exchange environment! If you would like to find out more about technologies such as Azure App Proxy and how they can help, or you would like to assess your existing Hybrid environment and see what can be done to improve your security posture, give us a call.

The Night is always darkest before you #AddVelocity!