Microsoft urges IT managers to protect Exchange from threats

Date: 2022-08-11

IT admins will still need to enable Extended Protection to fully neutralize some of them.

Low-skilled threat actors can exploit these weaknesses.

Microsoft has fixed a number of Exchange Server weaknesses, but IT administrators will still need to enable Extended Protection to fully neutralize some of them.

Extended Protection strengthens Windows Server authentication and prevents man-in-the-middle attacks. The feature uses channel-binding information, supplied by a Channel Binding Token, for SSL connections.
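The sketch below is an added illustration, not code from Microsoft or from this article, of why a channel binding token defeats an interceptor: the client derives the token from the certificate it sees on its own TLS connection, and the server compares it with a token derived from its real certificate. The function names are hypothetical, the "certificates" are constructed placeholder bytes, and the certificate is assumed to be SHA-256 signed.

```python
import hashlib
import hmac
import struct


def tls_server_end_point(cert_der: bytes) -> bytes:
    """RFC 5929 'tls-server-end-point' binding: a hash of the server certificate.
    Assumption: the certificate is SHA-256 signed, so SHA-256 is the hash used."""
    return b"tls-server-end-point:" + hashlib.sha256(cert_der).digest()


def channel_binding_token(cert_der: bytes) -> bytes:
    """MD5 over a gss_channel_bindings_struct in which only application_data
    is populated; NTLM carries this 16-byte value in MsvAvChannelBindings."""
    app_data = tls_server_end_point(cert_der)
    # Initiator/acceptor address type and length fields: four zeroed uint32s.
    bindings = b"\x00" * 16 + struct.pack("<I", len(app_data)) + app_data
    return hashlib.md5(bindings).digest()


def server_accepts(client_cbt: bytes, own_cert_der: bytes) -> bool:
    """Server-side check: the token the client bound into its authentication
    message must match the one computed from the server's own certificate."""
    return hmac.compare_digest(client_cbt, channel_binding_token(own_cert_der))


# Constructed placeholder bytes standing in for DER-encoded certificates.
EXCHANGE_CERT = b"constructed-der:CN=mail.example.test"
INTERCEPTOR_CERT = b"constructed-der:CN=mail.example.test (different key)"


def demo():
    # Direct connection: the client sees the real server certificate.
    direct = channel_binding_token(EXCHANGE_CERT)
    # Intercepted connection: the client's TLS session ends at the interceptor,
    # so its token is bound to the interceptor's certificate instead.
    intercepted = channel_binding_token(INTERCEPTOR_CERT)
    return (server_accepts(direct, EXCHANGE_CERT),
            server_accepts(intercepted, EXCHANGE_CERT))


if __name__ == "__main__":
    print(demo())
```

Because the token is covered by the authentication exchange itself, a forwarded login arrives at the real server carrying a token for the wrong TLS channel and is rejected.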

This month’s cumulative update fixes 121 vulnerabilities, including major Exchange weaknesses CVE-2022-21980, CVE-2022-24477, and CVE-2022-24516. Even low-skilled threat actors can exploit these weaknesses, which makes them dangerous. All three require victims to access malicious servers.

“Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your environment,” the Exchange Server Team said.

"Vulnerable customers must enable Extended Protection to avert assault," the team said. Extended Protection (EP) is only supported on certain Exchange versions (see docs for a list).

If criminals aren't abusing these loopholes now, they will. Microsoft rated all three weaknesses as "exploitation more likely," advising IT admins to implement the fixes quickly. It's only a matter of time until hackers exploit the holes to transmit malware.

"Microsoft investigation shows an attacker may reliably exploit this issue with exploit code." Microsoft says it knows of earlier exploits of this vulnerability. This would attract attackers and increase the likelihood of exploitation. Customers who've examined the security update and established its relevance should prioritize it.

Microsoft provided a script to enable this capability, but admins should examine their environments before utilizing it.