For multiple servers I have used the following process:
1. Configured one server as per instructions
2. Exported the rule using: %systemroot%\system32\inetsrv\appcmd list config "Default Web Site/Autodiscover" -section:system.webServer/rewrite/rules -xml > C:\SomeFolder\AutoD_rule.xml
3. Copied the XML to C:\SomeFolder on each Exchange server
4. Imported the rule on each Exchange server using: %systemroot%\system32\inetsrv\appcmd set config "Default Web Site/Autodiscover" -in < C:\SomeFolder\AutoD_rule.xml
5. (Guidance was vague, so) on the server being worked upon, I ran IISRESET from an elevated prompt (server not in production during change).
Rollback command to clear the rule (assumes no rules already existed there and default name used):
%systemroot%\system32\inetsrv\appcmd set config "Default Web Site/Autodiscover" -section:system.webServer/rewrite/rules /-"[name='RequestBlockingRule1']"
EDIT: I have now used my own rollback, but instead of following the steps above, I implemented the EOMT (https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/) as it is clearly the way forward. EOMT doesn't restart IIS, so that answers that one.
Nino_Bilic - Thanks for the update. I suspect that there will be lessons to be learned. The community is 24/7 and expects rapid responses when faced with such dilemmas, but perhaps that is just a grumpy old me at the end of a 17-hour day, having just finished my third tranche of Exchange mitigations today.
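The import and a follow-up check from the steps above, as an added PowerShell example that is not part of the original post. It assumes PowerShell remoting and local administrator rights on each server, uses hypothetical server names (EXCH01, EXCH02), and sends the exported XML over the remoting session instead of copying the file to each server.

```powershell
# Added example. Server names are hypothetical; the rule name, site path and
# XML path are the ones used in the post.
$Servers  = 'EXCH01', 'EXCH02'
$RuleName = 'RequestBlockingRule1'
$Site     = 'Default Web Site/Autodiscover'
$XmlPath  = 'C:\SomeFolder\AutoD_rule.xml'   # export produced in step 2

# Read the exported rule once on the admin workstation or first server.
$RuleXml = Get-Content -LiteralPath $XmlPath -Raw

$report = foreach ($Server in $Servers) {
    Invoke-Command -ComputerName $Server -ArgumentList $Site, $RuleName, $RuleXml -ScriptBlock {
        param($Site, $RuleName, $RuleXml)

        $appcmd  = Join-Path $env:SystemRoot 'System32\inetsrv\appcmd.exe'
        $section = '-section:system.webServer/rewrite/rules'
        $needle  = [regex]::Escape("name=`"$RuleName`"")

        # Check the current configuration first so a re-run does not import twice.
        $before  = & $appcmd list config $Site $section | Out-String
        $existed = $before -match $needle

        if (-not $existed) {
            # PowerShell has no "<" input redirection, so the XML is piped
            # to appcmd's standard input instead.
            $RuleXml | & $appcmd set config $Site -in | Out-Null
        }

        # Re-read the section and confirm the rule is now present.
        $after = & $appcmd list config $Site $section | Out-String

        [pscustomobject]@{
            Server         = $env:COMPUTERNAME
            AlreadyPresent = $existed
            RulePresent    = ($after -match $needle)
        }
    }
}

# Any server listed here still needs attention.
$report | Where-Object { -not $_.RulePresent } |
    Select-Object Server, AlreadyPresent, RulePresent

$report | Format-Table Server, AlreadyPresent, RulePresent -AutoSize
```

The script does not run IISRESET; whether to do so per server is left as in step 5.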