BleepingComputer reports that Microsoft has moved to strengthen Exchange Server security by advising the removal of formerly recommended antivirus exclusions for the Inetsrv and Temporary ASP.NET Files folders, as well as the w3wp and PowerShell processes.
"Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues... We've validated that removing these processes and folders doesn't affect performance or stability when using Microsoft Defender on Exchange Server 2019 running the latest Exchange Server updates," said Microsoft's Exchange Team.
The exclusions can also be removed on Exchange Server 2016 and Exchange Server 2013, although admins have been urged to be prepared to mitigate any potential issues. The recommendation follows the targeting of vulnerable Microsoft Exchange servers with Internet Information Services backdoors.
Microsoft has previously urged admins to immediately apply the latest Cumulative Updates and to run the Exchange Server Health Checker script to ensure the security of their systems.
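To check a server against this guidance, the following added example (not from Microsoft or BleepingComputer) lists Microsoft Defender exclusions that match the folders and processes named above. The substring patterns, the `Find-StaleExclusion` helper and the `$RemoveStale` switch are assumptions of this example, since the article gives only folder and process names rather than full paths.

```powershell
# Added example: audit Microsoft Defender exclusions on an Exchange server.
# Run from an elevated PowerShell session on the server being checked.

# Substring patterns built from the names in the article (assumption: the
# article does not list full paths, so matching is by name only).
$folderPatterns  = @('*\inetsrv*', '*Temporary ASP.NET Files*')
$processPatterns = @('*w3wp*', '*powershell*')

# Set to $true to remove the matching exclusions after reviewing the report.
$RemoveStale = $false

# Hypothetical helper: returns one object per exclusion matching any pattern.
function Find-StaleExclusion {
    param([string[]]$Entries, [string[]]$Patterns, [string]$Kind)
    foreach ($entry in $Entries) {
        foreach ($pattern in $Patterns) {
            if ($entry -like $pattern) {      # -like is case-insensitive
                [pscustomobject]@{ Kind = $Kind; Exclusion = $entry }
                break
            }
        }
    }
}

$pref = Get-MpPreference

# Without elevation Defender returns a notice string instead of the real list.
if ((@($pref.ExclusionPath) + @($pref.ExclusionProcess)) -match 'Must be an administrator') {
    throw 'Run this script elevated: exclusions are hidden from non-admin sessions.'
}

$findings  = @(Find-StaleExclusion $pref.ExclusionPath    $folderPatterns  'Path')
$findings += @(Find-StaleExclusion $pref.ExclusionProcess $processPatterns 'Process')

if ($findings.Count -eq 0) {
    Write-Output 'No exclusions matching the retired recommendations were found.'
} else {
    $findings | Format-Table -AutoSize
    if ($RemoveStale) {
        foreach ($f in $findings) {
            if ($f.Kind -eq 'Path') { Remove-MpPreference -ExclusionPath    $f.Exclusion }
            else                    { Remove-MpPreference -ExclusionProcess $f.Exclusion }
        }
    }
}
```

Leave `$RemoveStale` at `$false` for a first pass so the report can be reviewed before anything changes, which matters most on Exchange Server 2016 and 2013.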
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.