The Cost and Risk of On-Prem Email

Latest wave of Exchange Server attacks spotlights the value of cloud-based email solutions.
In cybersecurity, history tends to repeat itself.

In 2021, hackers exploited vulnerabilities in Microsoft Exchange Server in a wave of cyberattacks and data breaches. The attacks compromised hundreds of thousands of Exchange Servers across as many as 60,000 organizations. Microsoft quickly issued security updates to address the vulnerabilities, including a patch for the older, unsupported Exchange Server 2010.

Now it’s happening again. In February 2024, Microsoft identified a privilege escalation vulnerability that attackers were actively exploiting. The zero-day vulnerability allows remote attackers to relay leaked credentials and perform operations as if they were a legitimate user. The bug is tracked as CVE-2024-21410, and Microsoft assigned it a severity score of 9.1 out of 10, which rates as critical.

Microsoft had previously issued an update to prevent this kind of attack, but many organizations did not enable it. The cumulative security update for Exchange Server issued on Feb. 13, 2024, enables that protection by default. However, Microsoft warned that the fix won’t work on certain older versions of Exchange Server.

This latest wave of Exchange Server attacks offers an opportunity for organizations to rethink their email strategy. Many will likely decide they no longer want the burden of managing and securing an on-premises email server. Cloud email services such as Exchange Online and Microsoft 365 are unaffected by these attacks because of the layers of proactive security measures these services provide. Few organizations have the internal resources to match that level of protection for their on-prem email.

Persistent Exploits

Microsoft disclosed two other zero-day vulnerabilities in February. One would allow an attacker to bypass Windows Defender SmartScreen, while another involves a malicious file that specifically targets financial traders. The Shadowserver Foundation estimates that almost 97,000 Exchange servers could be vulnerable to CVE-2024-21410 and other ongoing attacks.

These are not isolated incidents but simply the latest in a long line of security events affecting on-premises email systems. Microsoft acknowledges that on-premises Exchange servers are ideal targets for attackers looking to penetrate enterprise networks because “they provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use for maintenance.” The company estimates that some 200,000 Exchange Servers are exposed to the Internet, making them vulnerable to attack.

What’s more, many organizations aren’t making much of an effort to update their email infrastructure. Some continue to use Exchange Server 2010 although mainstream support ended in January 2015. In March 2023, Microsoft took the step of blocking Exchange Server 2007, Exchange Server 2010 and Exchange Server 2013 from sending email to Exchange Online. These versions are all end-of-life and do not receive support or security updates. Support will end for Exchange Server 2016 and Exchange Server 2019 on Oct. 14, 2025.

The Cloud Advantage

While some applications need to remain on-premises for performance, security or privacy reasons, there’s little reason to maintain email in-house. Cloud-based email solutions are mature and offer significant value to organizations of all sizes.

Cloud-based solutions relieve organizations of the headache of managing the servers, storage, mail clients and directories that are needed for an email system. There’s no need to keep up with patches and updates, or upgrade to a newer version when the existing platform is no longer supported. Organizations save money on IT infrastructure, and the monthly per-user subscription is generally cheaper than in-house maintenance.

Most importantly, cloud-based email platforms also boost security. Major cloud providers such as Microsoft have made significant investments in security features that in-house systems often lack. Customers gain access to increased levels of protection with integrated antivirus, multifactor authentication, privileged access management and more. Cloud providers also have the resources to ensure that their platforms remain secure.

Although email has been an indispensable business tool for 50 years, it has also become a valuable tool for cybercriminals. Security experts almost unanimously agree that email has become the No. 1 delivery mechanism for malware, ransomware and phishing attacks. Organizations are wise to consider cloud-based email solutions to gain stronger protection against these threats.

