Microsoft begins to throttle traffic from unpatched Exchange servers

Microsoft has announced its intention to throttle traffic from legacy Exchange servers that have not been patched and updated or are otherwise unsupported. Currently, as of the 10th of May, this only affects on-premise Exchange servers running Exchange Server 2007 that send mail, in a hybrid deployment setup, to Exchange Online, Microsoft’s cloud-hosted email service. However, Microsoft has made it clear that it views unpatched servers as a security vulnerability and will be expanding this policy to pressure current users to migrate.

Microsoft uses the so-called Zero Trust model, something that we have featured on this blog previously in the context of their abandoning Basic Authentication. As such, security vulnerabilities open whenever servers running unpatched versions of Exchange attempt to communicate with other services. Servers that are unsupported or remain unpatched are persistently vulnerable and cannot be trusted, and therefore email messages sent from them also cannot be trusted.

Exchange Online will begin to throttle messages from such a server. In this case, Exchange Online will issue a retriable SMTP 450 error to the sending server, which will cause the sending server to queue the message and automatically retry it later, resulting in delayed delivery of messages. An example of the SMTP 450 error is below:

450 4.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online throttled for 5 mins/hr. For more information see https://aka.ms/BlockUnsafeExchange.

Eventually, if remedial action is not taken, the period of delay will progressively increase until sending mail from the server is fully blocked.
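One way to spot this reply in your own send logs and see whether the throttling window is growing, as an added example that is not from Microsoft or the original article. The two-column log layout, the sample lines and the function names are assumptions.

```python
import re
from datetime import datetime

# The throttling reply quoted in the article; the minutes figure is captured.
THROTTLE_RE = re.compile(
    r"\b450 4\.7\.230 Connecting Exchange server version is out-of-date; "
    r"connection to Exchange Online throttled for (\d+) mins/hr"
)
REPLY = ("450 4.7.230 Connecting Exchange server version is out-of-date; connection "
         "to Exchange Online throttled for {} mins/hr. For more information see "
         "https://aka.ms/BlockUnsafeExchange.")
# Constructed sample in an assumed "<ISO timestamp>,<remote reply>" layout
# (not a real Exchange log format). Dates and the 10 mins/hr value are made up.
SAMPLE_LOG = "\n".join([
    "2023-05-10T08:00:12,250 2.6.0 Queued mail for delivery",
    "2023-05-10T09:14:03," + REPLY.format(5),
    "2023-05-10T09:20:41," + REPLY.format(5),
    "not-a-timestamp," + REPLY.format(5),
    "2023-06-12T10:02:55," + REPLY.format(10),
])


def throttle_events(log_text):
    """Return sorted (timestamp, minutes_per_hour) pairs for throttling replies."""
    events = []
    for line in log_text.splitlines():
        stamp, _, reply = line.partition(",")
        match = THROTTLE_RE.search(reply)
        if not match:
            continue
        try:
            when = datetime.fromisoformat(stamp.strip())
        except ValueError:
            continue  # malformed timestamp: skip the line, keep scanning
        events.append((when, int(match.group(1))))
    return sorted(events)


def summarize(events):
    """Report whether throttling was seen and whether the window has grown."""
    if not events:
        return {"throttled": False}
    minutes = [m for _, m in events]
    return {
        "throttled": True,
        "count": len(events),
        "first_seen": events[0][0],
        "current_mins_per_hr": minutes[-1],
        "escalated": minutes[-1] > minutes[0],
    }


if __name__ == "__main__":
    print(summarize(throttle_events(SAMPLE_LOG)))
```

A rising minutes-per-hour figure between the first and latest match is the signal that the delay is increasing and the server is moving towards a full block.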

Solutions – patch, update or migrate

There have been some concerns raised that this is a move by Microsoft to drive people towards their Cloud-based services, something the software giant denies. Quoting the announcement linked above, “our goal is to help customers secure their environment, wherever they choose to run Exchange.”

The security environment has become significantly more complex and congested over the last few years, with concerns raised over phishing, fraudulent contacts and more coming through the email net. “The enforcement system is designed to alert admins about security risks in their environment, and to protect Exchange Online recipients from potentially malicious messages sent from persistently vulnerable Exchange servers.”

Despite the need to close these security gaps and respond to the needs of the cybersecurity environment, “a significant number of organizations don’t install updates or are far behind on updates, and are therefore putting themselves, their data, as well as the organizations that receive email from them, at risk.” Microsoft lacks the ability to directly contact these organizations’ admins, the announcement claims, and as such is using the data flow through these servers as a way to communicate its message: update to a supported version as soon as possible.

How can I better secure my systems?

The first step is obvious – ensuring all of your solutions are kept up to date with the newest versions and patches available. Not only do unsupported versions of software not defend against vulnerabilities discovered after the last update, but attacks against these vulnerabilities become more common: once a security update has been released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the weakness on unpatched servers.

Besides patching existing systems to the highest available point, another crucial step is to ensure you have systems forming a safety net for your organization and its data. A key aspect of this is making sure critical information is secured in an archive or a backup solution, allowing you to recover from possible deliberate attacks or accidental occurrences that make it through your initial security.

TECH-ARROW’s contentACCESS Archive and Backup fills both of these roles simultaneously. Designed with Microsoft’s suite of systems in mind, contentACCESS for Exchange perfectly supplements your Exchange architecture – whether on the Cloud, on-premise or in a hybrid setup – keeping your emails and their attachments secured but still easily accessible.

If you are interested in following up and learning how you can better ensure data security for your organization, contact us! Our team has decades of combined experience in the archiving, backup and data security fields. We are ready to hear about your needs and use case, and to help you leverage this experience into the best solution for your situation.

 

Take the best steps to protect your data – with TECH-ARROW.

by Matúš Koronthály