Microsoft has announced that outdated Exchange servers are unable to download new Emergency Mitigation definitions due to the deprecation of an older Office Configuration Service certificate type, reports BleepingComputer.
"A new certificate has already been deployed in OCS, and any server that is updated to any Exchange Server Cumulative Update or Security Update newer than March 2023 will continue to be able to check for new EEMS mitigations," the Exchange Team said. "If your servers are so much out of date, please update your servers ASAP to secure your email workload and re-enable your Exchange server to check for EEMS rules."
The team also strongly urged enterprise server managers to keep their servers up-to-date and to deploy the Exchange Server Health Checker. EEMS was introduced in 2021 after cybercriminal campaigns conducted by state-sponsored and financially motivated threat actors including the Hafnium group that exploited zero-day vulnerabilities such as ProxyLogon and ProxyShell. The feature provides automatic interim mitigations for critical vulnerabilities in on-premises Exchange servers until official security updates are released.