Workload and Application Security Blog

Keeping Microsoft Windows Server Secure

Written by Virsec | Jul 5, 2024 5:21:18 PM

Windows Server has been with us since before Windows NT with Windows for Workstation and Server 3.1. Since then, Windows Server has been the workhorse of data centers for corporations and enterprises. 

Initially, Microsoft Windows Server was the primary local network domain controller, providing local security, services lookup, DHCP for IP addresses, printers and document management. It would later go on to be the backbone for enterprise services like Email with Microsoft Exchange - the world's largest corporate mail server and SQL, as well as one of the world's leading SQL database servers as well as IIS, powering half of the world's web servers. 

In the past, hardening Microsoft Windows servers included maintaining updates and patches, strict user access control, firewalls, securing routers and modems, and installing anti-virus protection. 

Other Considerations for Server Security 

  • User Access 
  • External Hacking 
  • OWASP (for IIS) 
  • Ransomware and Malware 
  • Viruses 

 

Cybersecurity with Microsoft Defender for Endpoint 

As these servers have become more exposed and developed more vulnerabilities - which many attribute to Microsoft product development standards - they’ve had to provide anti-virus and EDR services. However, legacy versions - which include some as young as 4 or 5 years old and dating all the way back to Windows 2003 - are no longer a priority for Microsoft. They do offer Defender for Endpoint (formerly Defender Advanced Threat Detection), which provides limited security and defense for anti-virus and some cybersecurity features. In reality, this means full protection against viruses, malware and ransomware for corporate and enterprise data centers is virtually non-existent. 

Versions of Microsoft Defender  

Timeline 

Brand/Product Name 

Description 

Pre-2016 

Windows Defender 

Anti-spyware protection for Windows XP and later 

2016 (Windows 10) 

Windows Defender Antivirus 

Renamed from Windows Defender <br> - Expanded functionality to include comprehensive antivirus protection <br> - Became the default antivirus on Windows 10 

2017 onwards 

Microsoft Defender Brand 

Consolidation of various security products under a unified brand representing a more integrated security solution 

Current 

Microsoft Defender Suite 

Suite of security products and services including: <br> - Microsoft Defender for Endpoint (formerly Windows Defender ATP) <br> - Microsoft Defender Antivirus <br> - Microsoft Defender for Identity <br> - Other cloud-based security solutions 

 

Microsoft Defender for EDR + Anti-virus Status for Legacy Windows Servers 

Server Version 

Release Year 

Microsoft Defender Protection 

Windows Server 2003 

2003 

Not directly protected 

Windows Server 2008 

2008 

Not directly protected 

Windows Server 2012 

2012 

Not directly protected 

Windows Server 2016 

2016 

Windows Defender Antivirus (limited) 

Windows Server 2019 

2019 

Windows Defender Antivirus 

Notes: 

  1. Windows Defender before 2016: Prior to Windows 10 (released in 2015), there was no product called Microsoft Defender specifically designed for servers. Windows Server 2003, 2008, and 2012 relied on other security solutions for protection. 
  2. Windows Defender Antivirus (limited) on Windows Server 2016: With the release of Windows 10 in 2015, Microsoft Defender Antivirus became available on Windows Server 2016. However, its functionality was limited compared to the full-fledged product available on Windows 10. 
  3. Full Windows Defender Antivirus on Windows Server 2019: Windows Server 2019 (released in 2018) benefits from the full capabilities of Windows Defender Antivirus, offering comprehensive real-time protection against malware, viruses, and other threats. 

 

Microsoft Defender ATP 

While Microsoft Defender Antivirus provides baseline protection on Windows Server 2016 and later, organizations often utilize additional security solutions for more robust server protection. These might include System Center Endpoint Protection or more advanced solutions like Microsoft Defender for Endpoint mentioned above. 

For Windows Server 2003, 2008, and 2012, it's crucial to rely on alternative security solutions, as Microsoft no longer offers mainstream support for these server versions. 

Primary Microsoft Services Used on Windows Server 

The primary services for Windows Server Services (sometimes workloads) are: 

Network Services 

  • DNS 
  • Active Directory (AD) 
  • Firewall 
  • DHCP 
  • Printer and Document 
  • Mail  

Application Services 

  • Windows IIS 
  • Windows SharePoint 
  • Windows RDS 

Major Microsoft Services 

  • Microsoft Exchange Server 
  • Versions  
  • Microsoft SQL Server 

 

Microsoft Exchange Server 

As the world's largest email server, it dominated corporate mailbox provision from the 1990s to today where most mailboxes reside in Microsoft 365. But there are millions of Exchange Servers in private and semi-public data centers around the world. 

Initially, Security for Exchange was difficult and only secured by Admin access, firewalls, and router NATs. But Microsoft’s over-trusting of the internet soon made Exchange a massive vector and security soft spot. 

Version 

Year 

EOL 

EOS 

Exchange Server 4.0 

1996 

N/A 

N/A 

Exchange Server 5.0 

1997 

N/A 

N/A 

Exchange Server 5.5 

1998 

N/A 

N/A 

Exchange 2000 Server 

2000 

12/31/2003 

12/31/2010 

Exchange Server 2003 

2003 

12/31/2008 

4/8/2014 

Exchange Server 2007 

2006 

4/11/2011 

4/11/2017 

Exchange Server 2010 

2009 

1/31/2014 

10/13/2020 

Exchange Server 2013 

2012 

4/11/2018 

4/11/2023 

Exchange Server 2016 

2015 

10/14/2021 

10/14/2025 

Exchange Server 2019 

2018 

10/9/2023 

10/14/2028 

 

How to Secure Microsoft Exchange Platforms  

Securing Microsoft Exchange involves a layered approach that addresses various security aspects and leverages Microsoft Defender for Office 365 for more advanced email threat protection. The following 8 tips are recommended for general protection and hardening of Microsoft Exchange: 

  1. Keep Microsoft Exchange updated
  2. Implement Multi-Factor Authentication (MFA) 
  3. Enforce strong password policies 
  4. Secure user access: 
  5. Leverage email security features 
  6. Monitor Exchange activity 
  7. Implement backups and disaster recovery plan 
  8. Educate users

Other tips 
  • Use strong encryption for data at rest and in transit. 
  • Segment your network to isolate Exchange servers from other network segments. 
  • Regularly test your security posture through security assessments and penetration testing. 

 

Virsec’s Cyber Security Platform 

The Virsec Security Platform (VSP) is a complete protection layer that operates faster than EDR, MDR or XDR to identify and prevent malicious code from deploying malware and ransomware in the form of RCEs like DLLs and EXEs from infecting and taking control of your server environments. 

To learn more about the Virsec Security Platform (VSP), please visit us at www.virsec.com

 
View full post