Released: March 2023 Exchange Server Security Updates

rhupf Think of it this way: seeing that the vulnerability is on Outlook client side, you as the #1 priority want to stop the vulnerability from being exploited on clients (and Outlook sending the NTLM hash anywhere where it should not go). Then, if you want to check if any of your users have received messages that were trying to grab their NTLM hashes, you can run the script. Unless you update your clients first, it is possible that a new message with problematic property arrive to your user's mailbox 5 minutes after you ran the script, correct? But if Outlook has been updated already, then the presence of problematic property will not matter. So we suggest to update Outlook clients as a matter of priority and work on the script at the later time if you want to asses if your potentially sensitive users were targeted.