BleepingComputer reports that Microsoft has moved to strengthen Exchange Server security by advising the removal of formerly recommended antivirus exclusions for the Inetsrv and Temporary ASP.NET Files folders, as well as the w3wp and PowerShell processes.
"Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues... We've validated that removing these processes and folders doesn't affect performance or stability when using Microsoft Defender on Exchange Server 2019 running the latest Exchange Server updates," said Microsoft's Exchange Team.
The exclusions could also be removed on Exchange Server 2016 and Exchange Server 2013, although admins have been urged to be prepared to mitigate any potential issues. The recommendation follows the targeting of vulnerable Microsoft Exchange servers with Internet Information Services backdoors.
Microsoft has previously urged admins to apply the latest Cumulative Updates immediately and to run the Exchange Server Health Checker script to ensure the security of their systems.
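An added example, not from Microsoft or the article: a PowerShell audit that lists Microsoft Defender exclusions matching the folders and processes named above. It matches on names only because the article gives no full paths; the function name and the `$Remove` toggle are this example's own assumptions.

```powershell
# Added example (not Microsoft's script). Run in an elevated session on the
# Exchange server; Defender hides exclusions from non-administrators.
$FolderNames  = @('inetsrv', 'Temporary ASP.NET Files')   # folders named in the article
$ProcessNames = @('w3wp.exe', 'powershell.exe')           # processes named in the article
$Remove = $false   # assumption: report-only by default; set to $true after testing

function Find-RiskyExclusion {
    param([string[]]$ExclusionPath, [string[]]$ExclusionProcess)

    foreach ($entry in $ExclusionPath) {
        # Flag the folder itself or anything beneath it, whatever the drive or prefix.
        $segments = $entry -split '[\\/]' | Where-Object { $_ }
        if ($segments | Where-Object { $FolderNames -contains $_ }) {
            [pscustomobject]@{ Type = 'Path'; Value = $entry }
        }
    }
    foreach ($entry in $ExclusionProcess) {
        # Process exclusions may be a bare image name or a full path; compare the leaf.
        $leaf = ($entry -split '[\\/]')[-1]
        if ($ProcessNames -contains $leaf) {
            [pscustomobject]@{ Type = 'Process'; Value = $entry }
        }
    }
}

# Read the current Defender configuration and collect matching exclusions.
$pref  = Get-MpPreference
$found = @(Find-RiskyExclusion -ExclusionPath $pref.ExclusionPath `
                               -ExclusionProcess $pref.ExclusionProcess)

if ($found.Count -eq 0) {
    Write-Output 'No exclusions found for the named folders or processes.'
} else {
    $found | Format-Table -AutoSize
}

# Optional removal of exactly the entries that were reported above.
if ($Remove) {
    foreach ($item in $found) {
        if ($item.Type -eq 'Path') { Remove-MpPreference -ExclusionPath $item.Value }
        else                       { Remove-MpPreference -ExclusionProcess $item.Value }
    }
}
```

Exclusions pushed by Group Policy or another management tool will reappear after removal and have to be changed at that source.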
Malware-free intrusions have become the leading cybersecurity threat against small- to medium-sized businesses, accounting for 56% of all cyber incidents during the third quarter, SiliconAngle reports.
Microsoft said four high-severity Exchange flaws reported by Trend Micro's Zero Day Initiative have either been addressed or do not need immediate servicing, because the authentication they require would significantly reduce their odds of being exploited, SecurityWeek reports.