(TLP:CLEAR) CISA Releases New Guide – Microsoft Exchange Server Security Best Practices
Created: Thursday, November 6, 2025 - 12:58
Categories: Cybersecurity, Federal & State Resources, Security Preparedness
Summary: Last week, CISA, the NSA, and international partners released Microsoft Exchange Server Security Best Practices, a 15-page guide to help network defenders harden on-premises Exchange servers against exploitation by malicious actors.
Analyst Note: Microsoft officially ended support for Exchange Servers 2016 and 2019 on October 14, leaving thousands of organizations exposed to exploitation unless they take direct action to protect and/or upgrade these systems. CISA notes that threat activity targeting Exchange continues, and organizations with unprotected or misconfigured Exchange servers remain at high risk of compromise.
The best practices in this guide focus on hardening user authentication and access, ensuring strong network encryption, and minimizing the application attack surface. Organizations are generally advised to decommission any remaining end-of-life on-premises or hybrid Exchange servers after transitioning to Microsoft 365, as retaining the “last Exchange server” can leave an organization exposed to ongoing exploitation activity.
Members are encouraged to review CISA’s new guide, implement its recommendations, and take steps to decommission end-of-life on-premises Exchange servers in hybrid environments to significantly reduce their risk from cyber threats.
Original Source: https://www.cisa.gov/resources-tools/resources/microsoft-exchange-server-security-best-practices
Additional Reading:
- CISA releases security best practices guide for on-site Microsoft Exchange Servers
- Exchange Team Blog
Mitigation Recommendations:
Related WaterISAC PIRs: 6, 8, 12
