A new feature called the Microsoft Exchange Emergency Mitigation (EM) service will automatically install temporary mitigations that block active exploitation of security flaws until Microsoft releases official patches. Over the past couple of years, Microsoft Exchange mail servers have been targeted in hacking campaigns in which multiple zero-day vulnerabilities were exploited while administrators had no patch or mitigation information available.
EM will be installed automatically on servers once the September 2021 Cumulative Updates (CUs) for Exchange servers are applied. The EM service can apply three types of mitigations:
- IIS URL Rewrite Rule Mitigation: a rule that blocks specific patterns of malicious HTTP requests that can endanger an Exchange server.
- Exchange Service Mitigation: disables a vulnerable service on an Exchange server.
- App Pool Mitigation: disables a vulnerable app pool on an Exchange server.
The Microsoft Exchange team said last week that “since in the future mitigations may be released at any time, we chose to have the EM service check for mitigations hourly.” The EM service is one of the first security features that can automatically deploy temporary fixes until a permanent/official fix is available.
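Because the service acts on its own, administrators will want to know which servers it actually covers and what it has changed. The following read-only audit is an added example, not part of the original article or Microsoft's own tooling; it assumes the Exchange Management Shell on a server with the September 2021 CU or later, and the `MitigationsEnabled`, `MitigationsApplied` and `MitigationsBlocked` properties and the `MSExchangeMitigation` service name come from Exchange itself rather than from this page.

```powershell
# Added example: read-only audit of Emergency Mitigation (EM) coverage.
# Run in the Exchange Management Shell; it changes no settings.

# Organization-wide switch: when False, no server applies mitigations.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

$report = foreach ($server in Get-ExchangeServer) {
    # The EM service runs as the Windows service MSExchangeMitigation.
    $svc = Get-Service -ComputerName $server.Name -Name MSExchangeMitigation `
                       -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Server        = $server.Name
        OrgEnabled    = $orgEnabled
        ServerEnabled = $server.MitigationsEnabled
        ServiceStatus = if ($svc) { $svc.Status } else { 'NotFound' }
        # Mitigation IDs the service has applied, and IDs an admin has blocked.
        Applied       = @($server.MitigationsApplied) -join ', '
        Blocked       = @($server.MitigationsBlocked) -join ', '
    }
}

# Full picture: one row per Exchange server.
$report | Format-Table -AutoSize

# Servers where automatic mitigation will NOT happen: the feature is off at
# organization or server level, or the service is missing or stopped
# (for example, a server still below the September 2021 CU).
$report | Where-Object {
    -not $_.OrgEnabled -or -not $_.ServerEnabled -or $_.ServiceStatus -ne 'Running'
} | Select-Object Server, OrgEnabled, ServerEnabled, ServiceStatus
```

An entry in the `Applied` column means an IIS rewrite rule, service or app pool on that server has been changed automatically, which is worth reconciling against change records and against any functionality users report as missing.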