Microsoft Exchange explained


















Exchange uses a single building block architecture that provides email services for deployments of all sizes, from small organizations to the largest multinational corporations. This architecture is described in the following diagram.

Communication between Exchange servers and past and future versions of Exchange occurs at the protocol layer. Cross-layer communication isn't allowed. This communication architecture is summarized as "every server is an island". This architecture has the following benefits:

Exchange uses Mailbox servers and Edge Transport servers.

These server roles are described in the following sections. Mailbox servers contain the transport services that are used to route mail. For more information, see Mail flow and the transport pipeline. Mailbox servers contain mailbox databases that process, render, and store data.

For more information, see Manage mailbox databases in Exchange Server. Mailbox servers contain the Client Access services that accept client connections for all protocols. These frontend services are responsible for routing or proxying connections to the corresponding backend services on a Mailbox server.

Clients don't connect directly to the backend services. For more information, see the Client Access protocol architecture section later in this topic.

Some reports have put the number affected as high as , thousand organizations — mostly small businesses with little value for state-sponsored attackers, but others with high intelligence and financial value. Many of these were SMB organizations, such as small hotels and an ice-cream company.

The most high-profile confirmed target so far was the European Banking Agency, which believed that access to personal data held in emails could have been compromised. However, in this attack it is clear that the attack surface was a lot wider, with former CISCO boss Chris Krebs warning that SMBs, schools and local governments could be most at risk from this attack.

Microsoft reported that the attacks included three steps:

This is an effective, automated attack model; using it, the group could potentially have affected tens of thousands of organizations in a short space of time. Last week, Microsoft released a series of updates for Exchange , hopefully preventing any further instances of this vulnerability. They have strongly recommended that all organizations investigate their Exchange deployments and look for indicators of attack using their hunting recommendations.

Microsoft has reported Hafnium is based in China, but primarily conducts its operations from leased virtual private servers in the USA. This is the second major state-sponsored attack to hit US businesses in recent months, coming quickly after the breach affecting SolarWinds customers.

ActiveSync keeps all the Exchange data synchronized between devices, so when email is replied to, deleted, or moved on your computer, for example, that change is immediately made on the Exchange server as well, and then synchronized with any other devices you might use, such as Outlook on a mobile device.

IMAP is very similar to ActiveSync in that it keeps email messages in sync between the Exchange server and clients, though POP works differently: it downloads email from the Exchange server to a single computer and does not keep the two devices in sync. It's not commonly used for Exchange systems.

You can find out if you're using an Exchange account by checking your Account Settings in Outlook. To do that, choose "File" and then click "Account Settings."

In addition, you may be able to access your Exchange email in a web browser. At the top of the page, click the account dropdown and choose an Exchange account. You should see a link to access the account on the web. As a general rule, as an end user you don't need to know many details about how Exchange is configured to set it up or to use it.

Your IT administrator should provide an email address and password; to get started, you simply add the email address to Outlook and your email client should determine it's an Exchange account and configure it automatically for you.

IT departments are working on applying the patches, but that takes time and the vulnerability is still widespread. On Monday, internet security company Netcraft said it had run an analysis over the weekend and observed over 99, servers online running unpatched Outlook Web Access software.

Shares of Microsoft stock have fallen 1. On March 2, Microsoft said there were vulnerabilities in its Exchange Server mail and calendar software for corporate and government data centers. The company released patches for the , , and versions of Exchange. Generally, Microsoft releases updates on Patch Tuesday, which occurs on the second Tuesday of each month, but the announcement about attacks on the Exchange software came on the first Tuesday, emphasizing its significance. Microsoft also took the unusual step of issuing a patch for the edition, even though support for it ended in October.

Hackers had initially pursued specific targets, but in February they started going after more servers with the vulnerable software that they could spot, Krebs wrote. Microsoft said the main group exploiting vulnerabilities is a nation-state group based in China that it calls Hafnium. Attacks on the Exchange software started in early January, according to security company Volexity, which Microsoft gave credit to for identifying some of the issues.

Tom Burt, a Microsoft corporate vice president, described in a blog post last week how an attacker would go through multiple steps:


