Microsoft has released Security Updates (SUs) for vulnerabilities found in:
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
SUs are available in a self-extracting auto-elev...
Updated May 08, 2023
Version 22.0
Blog Post
Nino_Bilic
Microsoft
Microsoftbretzeli First off, realize that you are talking to a wrong engineering team about the details of the Outlook fix. We support Exchange Server and Exchange Online. Other teams within Microsoft support Outlook (and release updates for Outlook). I know this is not necessarily helpful - but I want to be clear that we on the Exchange Team have released the script only for this particular Outlook vulnerability and will keep making improvements to it as feedback comes in. But we do not own the Outlook fix. Now:
- I cannot really comment on the timeline of the Outlook vulnerability. The information that you see is the information that I see too. I do not have any additional information on that (I did link to the MSRC blog post that was also created for this issue in our blog post, earlier today).
- We are not aware of language issues with the script; if there are some, let us know. You are welcome to file the issue via GitHub (the best way)
- There is not "so much focus" on running the script against Exchange Online mailboxes. We, however, wanted to provide a way for customers who might want to run the script against Exchange Online mailboxes, to do so. Exchange Online clients do not use NTLM like on-prem clients might.