Summary: Microsoft has rolled out enhanced security measures for Exchange Server and SharePoint Server, primarily through the integration of the Windows Antimalware Scan Interface (AMSI). This enhancement aims to protect against persistent threats that exploit vulnerabilities, ensuring malicious requests are identified and blocked before reaching the servers. Key recommendations for organizations include activating AMSI and applying the latest security updates to bolster defenses.
Affected: Microsoft Exchange Server, Microsoft SharePoint Server
Keypoints :
- Integration of AMSI provides an additional layer of defense by inspecting incoming HTTP requests.
- Attackers exploit vulnerabilities such as ProxyShell and ProxyNotShell to gain persistent access, demonstrating the need for timely updates.
- Recommendations for improving security include activating AMSI, applying updates, and reviewing access controls.