Hello all,
When I run the HealthChecker script on our Exchange 2016 on-prem server, I get this warning:
Security Vulnerability: CVE-2022-24516, CVE-2022-21979, CVE-2022-21980, CVE-2022-24477, CVE-2022-30134
Extended Protection should be set to 'None' on the vDir where IP filtering is enabled
Extended Protection isn't configured as expected
Then for the Default Web Site-ECP dir, 'ConfigSupported' is False, 'IPFilterEnabled' is True.
We do have IP restrictions set on ECP, only allowing connections from authorized networks, so from what I understand we should disable (or roll back) Extended Protection for that dir. However, we are able to still access ECP from our authorized networks, and the IP restrictions are working for it.
In this case, should we leave it as is, or, should we still disable EP for it?
Thanks
