Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Config Service certificate type is being deprecated.
Emergency mitigations (also known as EEMS mitigations) are delivered via the Exchange Emergency Mitigation Service (EEMS), introduced three years ago in September 2021.
EEMS automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws to secure on-premises Exchange servers against attacks. It detects Exchange Servers vulnerable to known threats and applies interim mitigations until security updates are released.
EEMS runs as a Windows service on Exchange Mailbox servers and is automatically installed on servers with the Mailbox role after deploying September 2021 (or later) cumulative updates on Exchange Server 2016 or Exchange Server 2019.
However, according to the Exchange Team, EEMS “will not be able to contact” the Office Config Service (OCS) and download new interim security mitigations on out-of-date servers running Exchange versions older than March 2023, instead triggering “Error, MSExchange Mitigation Service” events.
“One of the older certificate types in OCS is getting deprecated. A new certificate has already been deployed in OCS, and any server that is updated to any Exchange Server Cumulative Update (CU) or Security Update (SU) newer than March 2023 will continue to be able to check for new EEMS mitigations,” the Exchange Team said today.
“If your servers are so much out of date, please update your servers ASAP to secure your email workload and re-enable your Exchange server to check for EEMS rules. It is important to always keep your servers up to date. Running Exchange Server Health Checker will always tell you what you need to do!”
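One way to check a Mailbox server for the condition described above, as an added example that is not from the article or from Microsoft. It assumes the Exchange Management Shell, the Windows service name `MSExchangeMitigation`, the Application event log, and a hypothetical helper name `Get-EemsHealth` with a 7-day look-back window.

```powershell
# Added example: run locally in the Exchange Management Shell on a Mailbox server.
# Assumptions (not from the article): service name 'MSExchangeMitigation',
# events written to the Application log, 7-day look-back window.
function Get-EemsHealth {
    param([int]$Days = 7)

    # Is the EEMS Windows service present and running?
    $svc = Get-Service -Name 'MSExchangeMitigation' -ErrorAction SilentlyContinue

    # Error-level events from the source named in the article.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'MSExchange Mitigation Service'
        Level        = 2   # 2 = Error
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    try {
        $errors = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
    } catch {
        # No matching events, or the provider is not registered on this host.
        $errors = @()
    }

    # Per-server mitigation state and build as reported by Exchange.
    $ex = Get-ExchangeServer -Identity $env:COMPUTERNAME

    $running = $svc -and ($svc.Status -eq 'Running')

    [pscustomobject]@{
        Server              = $env:COMPUTERNAME
        AdminDisplayVersion = $ex.AdminDisplayVersion
        ServiceStatus       = if ($svc) { $svc.Status } else { 'NotInstalled' }
        MitigationsEnabled  = $ex.MitigationsEnabled
        MitigationsApplied  = $ex.MitigationsApplied -join ', '
        ErrorEvents         = $errors.Count
        # Get-WinEvent returns newest first, so the first entry is the latest.
        LastError           = ($errors | Select-Object -First 1).TimeCreated
        NeedsAttention      = (-not $running) -or
                              (-not $ex.MitigationsEnabled) -or
                              ($errors.Count -gt 0)
    }
}

Get-EemsHealth | Format-List
```

A server that reports recent error events alongside a build older than March 2023 matches the situation the Exchange Team describes; compare `AdminDisplayVersion` against Microsoft's published build numbers or run the Exchange Server Health Checker.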
The feature was added after state-sponsored and financially motivated hackers exploited ProxyLogon and ProxyShell zero-days, which lacked patches or mitigation information, to breach Exchange servers.
In March 2021, at least ten hacking groups exploited ProxyLogon, including a Chinese-sponsored threat group tracked by Microsoft as Hafnium.
Microsoft also urged customers two years ago, in January 2023, to apply the latest supported Cumulative Update (CU) and keep their on-premises Exchange servers patched to ensure they are always ready to deploy emergency security updates.