New Backdoor Targets Exchange On-Premises

Exchange on-premises faces new exploit: PowerExchange.

More bad news appeared this week for organizations that still have Exchange on-premises.

According to Fortinet FortiGuard Labs, an “unnamed United Arab Emirates government entity” was recently infiltrated by Iranian state-sponsored hackers.

The forensic investigation concluded that the backdoor, named “PowerExchange,” exploited Exchange on-premises to give the attacker advanced remote control.

The attacker could receive and execute commands from the Internet and download and upload information.

The communication was disguised as legitimate mail traffic, which would easily bypass most AV scanning devices.

The Latest Exchange On-Premises Security Incident Echoes a Troubling Trend

This security breach is just the latest in a series of headaches concerning Exchange on-premises.

Early 2021 saw one of the most severe threats, Hafnium, which targeted hundreds of thousands of organizations, mainly in the United States.

In November 2021, two more zero-day exploits surfaced, targeting Exchange on-premises.

Then, in November 2022, new exploits targeting Exchange on-premises required another round of patching.

December 2022 saw one of the old exploits resurface in a way that could circumvent some of the Exchange Emergency Mitigation Service mitigations.

And here we are again, in May 2023, with a fresh new exploit targeting Exchange on-premises.

The Exchange On-Premises Dilemma

Protecting your organization from Exchange on-premises attacks is becoming a Sisyphean undertaking.

What makes this even more frustrating is Microsoft’s inability to provide a decent way of getting rid of the on-premises Exchange Server after moving all mailboxes to Office 365.

According to Microsoft, the only supported way of shutting down Exchange on-premises in hybrid Office 365 is by upgrading to the Exchange 2019 CU12 management pack and performing all first-level user support using PowerShell.

Most organizations want to utilize IT staff with PowerShell skills for more complex tasks than performing first-level user support.

That’s why more and more organizations are now looking to third-party solutions to eliminate Exchange on-premises.

How to Remove Exchange On-Premises for Improved Security

With Easy365Manager, you can perform all daily hybrid Office 365 management without having Exchange on-premises.

Easy365Manager allows you to manage all the attributes that are normally handled by Exchange on-premises. This includes, e.g., email addresses, the mail alias, and hide-from-address lists.

Easy365Manager offers the added benefit that you can also manage all the Exchange Online properties, like delegation and forwarding.

Even complex settings like calendar delegation, which can otherwise only be managed via complex PowerShell scripting, are exposed through a convenient graphical user interface.

Easy365Manager integrates with AD Users & Computers, a management tool familiar to any admin, and requires very little training.

This makes Easy365Manager an ideal candidate to remove your Exchange on-premises server and lower the overall cost of your first-level user support service.

Easy365Manager can be installed and configured in two minutes and is available as a fully functional 30-day trial.

Find out more about Easy365Manager.