Exchange Server to Enable Extended Protection By Default – Petri.com

Key takeaways:

Microsoft has announced its plans to enable Extended Protection by default on Exchange Server later this year. Scheduled to roll out with the 2023 H2 Cumulative Update, the new security feature will help organizations to boost protection against credential theft and man-in-the-middle attacks.

Windows Extended Protection is a security feature that is designed to secure communication between client and server devices. It strengthens the NTLM (Windows NT LAN Manager) protocol that is used to authenticate users in Windows environments. The Extended Protection feature helps to protect users against various types of attacks, including credential theft and man-in-the-middle (MiTM) attacks.

Last year, Microsoft introduced Extended Protection support to mitigate specific vulnerabilities in Exchange Online. Currently, IT admins need to manually enable Extended Protection support on Exchange Servers in their tenants. Starting with the 2023 H2 Cumulative Update (CU), Microsoft will enable Extended Protection by default for Exchange Server 2019.

"EP allows a binding to occur within Windows Authentication in IIS between the auth information passed at the Application layer and the TLS encapsulation at the lower levels of the protocol stack. Auth information is also supplemented by adding the namespace the client is accessing in the connection," the Exchange team explained.
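The binding the Exchange team describes can be sketched in a few lines. This is an added example, not code from Microsoft or from the article: the certificate bytes, host names and the `server_accepts` helper are constructed for illustration, and SHA-256 is assumed as the certificate hash.

```python
import hashlib
import hmac
import struct

def channel_binding_token(cert_der: bytes) -> bytes:
    """Token that NTLM carries in its MsvAvChannelBindings AV pair."""
    # RFC 5929 "tls-server-end-point": hash of the server certificate.
    # Assumption: the certificate hash is SHA-256 (RFC 5929 also maps
    # MD5 and SHA-1 signed certificates to SHA-256).
    app_data = b"tls-server-end-point:" + hashlib.sha256(cert_der).digest()
    # gss_channel_bindings_struct: four zeroed uint32 address fields,
    # then the length-prefixed application data; NTLM sends its MD5.
    blob = b"\x00" * 16 + struct.pack("<I", len(app_data)) + app_data
    return hashlib.md5(blob).digest()

def server_accepts(own_cert: bytes, own_spns: set, client_cbt: bytes,
                   client_spn: str) -> bool:
    """Hypothetical server-side check: TLS binding plus accessed namespace."""
    cbt_ok = hmac.compare_digest(channel_binding_token(own_cert), client_cbt)
    spn_ok = client_spn.lower() in {s.lower() for s in own_spns}
    return cbt_ok and spn_ok

# Constructed stand-ins for DER-encoded certificates and service names.
EXCHANGE_CERT = b"constructed-der-bytes:mail.example.test"
INTERCEPTOR_CERT = b"constructed-der-bytes:interceptor.example.test"
EXCHANGE_SPNS = {"HTTP/mail.example.test"}

def direct_connection() -> bool:
    # The client's TLS session ends at Exchange, so both sides hash the
    # same certificate and the tokens agree.
    cbt = channel_binding_token(EXCHANGE_CERT)
    return server_accepts(EXCHANGE_CERT, EXCHANGE_SPNS, cbt,
                          "HTTP/mail.example.test")

def intercepted_connection() -> bool:
    # The client's TLS session ends at an intermediary, so its token is
    # derived from the intermediary's certificate. The token sits inside
    # the signed NTLM response, so it cannot be swapped in transit and
    # Exchange rejects the forwarded authentication.
    cbt = channel_binding_token(INTERCEPTOR_CERT)
    return server_accepts(EXCHANGE_CERT, EXCHANGE_SPNS, cbt,
                          "HTTP/mail.example.test")

if __name__ == "__main__":
    print("direct:", direct_connection())
    print("intercepted:", intercepted_connection())
```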

Microsoft notes that organizations will be able to use the command-line CU installer to opt out of the default configuration. However, IT admins who use the unattended Setup/scripts to deploy cumulative updates will need to add the new Setup parameter manually. Microsoft recommends the following course of action:

"Microsoft advises all administrators to enable Extended Protection in their organizations. If you have any servers older than the August 2022 SU, then your servers are considered persistently vulnerable and should be updated immediately. Further, if you have any Exchange servers older than the August 2022 SU, you will break server-to-server communication with servers that have EP enabled," the Exchange team added.

It's important to note that threat actors are increasingly looking to discover and exploit vulnerabilities in Exchange Server. The integration of Extended Protection support should offer a robust defense against rising threats like MiTM attacks.
