Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online
Due to user error, the original version of this article published on March 23 was deleted. We are republishing the article below. Please join us for upcoming Ask Me anything (AMA) on this subject, starting on May 10, 2023 at 9am Pacific Time.
As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers….
