Nino_Bilic Appreciate the response! We are targeting high value user mailboxes first.
My hope is that this might be something we can hunt for in M365 Defender, or possibly something that our Cisco Secure Email appliance might be able to provide retrospective alerts for. Patching should be priority #1 as you stated, but some environments and scenarios... not so simple. For example, 30k of our 40k mailboxes are students (we're a higher ed customer). M365 Apps for enterprise on their personal/unmanaged devices should be auto-patching, and we can report on update statuses in the M365 Apps admin center... But ultimately there's nothing to stop those users from turning off patching, delaying the patch that fixes this vulnerability, having some app/device issue that is preventing the patch, and so on. Same goes for personal/unmanaged devices for everyone else. Visibility into attempted compromises from the mailbox/service side would be invaluable given the scale of possibilities here.