Update 11/8/2022: We have now released November 2022 Security Updates for Exchange Server. Please install those (or newer) updates to address vulnerabilities mentioned in this post. Mitigations are n...
Updated Nov 08, 2022
Version 17.0
Blog Post
2 MIN READ
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
Nino_Bilic
Microsoft
MicrosoftJust so it is clear as to why we have kept changing mitigations:
We changed mitigations because we would release a mitigation and then there would be a mitigation bypass. Then customers would ask us - what about this bypass? Is your mitigation still good? So we updated mitigations to include new scenarios.
That is the unfortunate thing with mitigations, as they are not fixes. Rather, they mitigate issues (in this case, the goal is to break the start of the attack chain as it was used in the wild). This is a bit of a "dance" that happens whenever there is a vulnerability that is not yet completely addressed in code: as soon as there is a mitigation, there is also research into how to bypass it. Rinse and repeat.
Our suggestion is to have EEMS enabled and running on your servers. We updated mitigations there too, but servers simply updated mitigations automatically, with no manual action required.