Exchange Mailbox databases must reside on a dedicated partition.

From MS Exchange 2013 Mailbox Server Security Technical Implementation Guide

Part of SRG-APP-000211

Associated with: CCI-001082

SV-84601r1_rule Exchange Mailbox databases must reside on a dedicated partition.

Vulnerability discussion

In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and subsequent exploit to one application can lead to an exploit of other applications sharing the same security context. For example, an exploit to a web server process that leads to unauthorized administrative access to the host system can most likely lead to a compromise of all applications hosted by the same system.

Email services should be installed to a discrete set of directories, on a partition that does not host other applications. Email services should never be installed on a Domain Controller/Directory Services server.

Check content

Review the Email Domain Security Plan (EDSP).

Determine the location where the Exchange Mailbox databases reside.

Open the Exchange Management Shell and enter the following command:

Get-MailboxDatabase | Select Name, Identity, EdbFilePath

Open Windows Explorer, navigate to the mailbox databases, and verify that they are on a dedicated partition.

If the mailbox databases are not on a dedicated partition, this is a finding.
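The check above can be partly scripted. The following is an added example, not part of the STIG: the function name Test-DedicatedPartition, its -OtherPaths parameter and the sample paths are assumptions, and it assumes databases sit on drive-lettered volumes rather than mount points. A result of SharedVolume = False still needs the manual review of OtherTopLevel against the EDSP.

```powershell
# Added example (not STIG content). Flags mailbox databases whose .edb file shares a
# volume with the OS or the Exchange binaries, and lists other top-level folders on
# that volume so the reviewer can judge whether the partition is really dedicated.
function Test-DedicatedPartition {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Database,
        # Assumption: paths that belong to something other than mailbox databases.
        [string[]] $OtherPaths = @($env:SystemRoot, $env:ExchangeInstallPath)
    )
    begin {
        $dbs = @()
        $shared = @($OtherPaths | Where-Object { $_ } |
            ForEach-Object { [IO.Path]::GetPathRoot($_).ToUpper() })
    }
    process { $dbs += $Database }
    end {
        foreach ($db in $dbs) {
            $edb  = [string]$db.EdbFilePath
            $root = [IO.Path]::GetPathRoot($edb).ToUpper()
            $unrelated = @()
            if ($root -and (Test-Path -LiteralPath $root)) {
                # Top-level entries that are not on the path to any mailbox database.
                $unrelated = @(Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
                    Where-Object {
                        $item = $_
                        -not ($dbs | Where-Object {
                            ([string]$_.EdbFilePath).StartsWith(
                                $item.FullName + '\', [StringComparison]::OrdinalIgnoreCase) })
                    } | Select-Object -ExpandProperty Name)
            }
            [pscustomobject]@{
                Name          = $db.Name
                EdbFilePath   = $edb
                Volume        = $root
                SharedVolume  = $shared -contains $root   # True = finding candidate
                OtherTopLevel = $unrelated -join ', '     # review manually
            }
        }
    }
}

# Constructed sample input, shaped like Get-MailboxDatabase | Select Name, EdbFilePath
$sample = @(
    [pscustomobject]@{ Name = 'DB01'; EdbFilePath = 'E:\ExchangeDatabases\DB01\DB01.edb' }
    [pscustomobject]@{ Name = 'DB02'; EdbFilePath = 'C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\DB02\DB02.edb' }
)
$sample | Test-DedicatedPartition -OtherPaths 'C:\Windows' | Format-List
```

On a Mailbox server, pipe the real objects instead: Get-MailboxDatabase | Test-DedicatedPartition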

Fix text

Update the EDSP. Configure the mailbox databases on a dedicated partition.
