Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated.
Emergency mitigations (also known as EEMS mitigations) are delivered via the Exchange Emergency Mitigation Service (EEMS), introduced three years ago in September 2021.
EEMS automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws to secure on-premises Exchange servers against attacks. It detects Exchange Servers vulnerable to known threats and applies interim mitigations until security updates are released.
EEMS runs as a Windows service on Exchange Mailbox servers and is automatically installed on servers with the Mailbox role after deploying September 2021 (or later) cumulative updates on Exchange Server 2016 or Exchange Server 2019.
However, according to the Exchange Team, EEMS “is not able to contact” the Office Configuration Service (OCS) and download new interim security mitigations on out-of-date servers running Exchange versions older than March 2023, instead triggering “Error, MSExchange Mitigation Service” events.
“One of older certificate types in OCS is getting deprecated. A new certificate has already been deployed in OCS, and any server that is updated to any Exchange Server Cumulative Update (CU) or Security Update (SU) newer than March 2023 will continue to be able to check for new EEMS mitigations,” the Exchange Team said today.
“If your servers are so much out of date, please update your servers ASAP to secure your email workload and re-enable your Exchange server to check for EEMS rules. It is important to always keep your servers up to date. Running Exchange Server Health Checker will always tell you what you need to do!”
The feature was added after state-sponsored and financially motivated hackers exploited ProxyLogon and ProxyShell zero-days, which lacked patches or mitigation information, to breach Exchange servers.
In March 2021, at least ten hacking groups exploited ProxyLogon, including a Chinese-sponsored threat group identified by Microsoft as Hafnium.
Microsoft also urged customers two years ago, in January 2023, to apply the latest supported Cumulative Update (CU) and keep their on-premises Exchange servers patched to ensure they’re always ready to deploy emergency security updates.