Microsoft has released Security Updates (SUs) for vulnerabilities found in:
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
SUs are available in a self-extracting auto-elev...
Updated Dec 01, 2022
Version 9.0
Blog Post
Hey,
I've installed the SU yesterday (with the EXE file) and rebooted the server. Today I've removed the mitigation. Only a few minutes After the removal, the Windows Defender detected an Exploit attempt
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Script/ExchgProxyRequest.A!gen&threatid=2147834423&enterprise=0
Name: Exploit:Script/ExchgProxyRequest.A!gen
ID: 2147834423
Severity: Severe
Category: Exploit
Path: amsi:_\Device\HarddiskVolume5\Windows\System32\inetsrv\w3wp.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
User: NT AUTHORITY\SYSTEM
Process Name: C:\Windows\System32\inetsrv\w3wp.exe
Security intelligence Version: AV: 1.379.114.0, AS: 1.379.114.0, NIS: 1.379.114.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4
Should I be worried that the SU don't fully fix the issue?