Summary: Microsoft has announced that outdated Exchange servers will no longer receive new emergency mitigation definitions due to the deprecation of an Office Configuration Service certificate type. The Exchange Emergency Mitigation Service (EEMS) is designed to apply interim mitigations for high-risk security flaws but cannot function on servers running versions older than March 2023. Users are urged to update their servers to maintain security and access to EEMS mitigations.
Threat Actor: Hafnium | Hafnium
Victim: Microsoft Exchange Server Users | Microsoft Exchange Server Users
Keypoints :
- Outdated Exchange servers cannot receive new EEMS mitigations due to deprecated certificate types.
- EEMS was introduced to automatically apply mitigations for high-risk vulnerabilities in Exchange servers.
- Users are advised to update their servers to ensure they can access emergency security updates.