Outdated Exchange Servers may lose access to critical security mitigations.
Published: Jan 27, 2025
Microsoft has alerted organizations about the risks of using outdated Exchange Servers. The company has warned that the Exchange Emergency Mitigation Service (EEMS) may no longer work on Exchange Server versions older than March 2023.
Microsoft first released the Exchange Emergency Mitigation Service (EEMS) in September 2021. This security feature helps organizations protect their Exchange Servers by automatically applying mitigations that address potential threats.
EEMS leverages the Office Config Service (OCS) to check for and download necessary mitigations, including disabling vulnerable services, blocking malicious HTTP requests, and disabling vulnerable app pools. Administrators can control applied mitigations through Exchange PowerShell cmdlets and scripts.
Microsoft is planning to deprecate an older certificate type used by the Office Config Service (OCS). EEMS needs this certificate to connect to OCS and download new mitigation definitions.
“One of older certificate types in OCS is getting deprecated. A new certificate has already been deployed in OCS, and any server that is updated to any Exchange Server Cumulative Update (CU) or Security Update (SU) newer than March 2023 will continue to be able to check for new EEMS mitigations,” the Exchange team explained.
According to Microsoft, customers running EEMS on Exchange Server versions older than March 2023 might see error messages in the Application log or the EEMS log indicating problems connecting to the mitigation endpoint. Additionally, Microsoft notes that running the $exscripts\Get-Mitigations.ps1 script will fail with the following warning message: “WARNING: Connection with Mitigation Endpoint was not successful. To enable connectivity please refer: https://aka.ms/HelpConnectivityEEMS”
To ensure that EEMS works effectively, Microsoft advises administrators to keep their Exchange Servers up to date with the latest security and cumulative updates. This will allow EEMS to continue receiving and applying mitigations to protect against emerging security threats.
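One way to check every Exchange server for the symptoms described above, as an added example that is not from the article or from Microsoft: a read-only report, run from the Exchange Management Shell, that lists each server's build and EEMS state next to recent EEMS errors in the Application log. The event provider name 'MSExchange Mitigation Service', the seven-day window and the report column names are assumptions to verify in your environment.

```powershell
# Added example (read-only). Run from the Exchange Management Shell with rights
# to read the Application log on each server.
# Assumption: EEMS logs under the provider name below; confirm on one server first.
$provider = 'MSExchange Mitigation Service'
$since    = (Get-Date).AddDays(-7)   # assumed look-back window

# EEMS can be switched off for the whole organization or per server; report both.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

$report = foreach ($srv in Get-ExchangeServer) {
    # Error (2) and Warning (3) events written by the mitigation service.
    $events = @(Get-WinEvent -ComputerName $srv.Fqdn -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = $provider
        Level        = 2, 3
        StartTime    = $since
    } -ErrorAction SilentlyContinue)

    $last = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1

    [pscustomobject]@{
        Server            = $srv.Name
        # Compare against Microsoft's published build numbers to see whether the
        # server is at a CU/SU newer than March 2023 (builds are not listed here).
        Build             = $srv.AdminDisplayVersion
        OrgMitigations    = $orgEnabled
        ServerMitigations = $srv.MitigationsEnabled
        Applied           = ($srv.MitigationsApplied -join ', ')
        Blocked           = ($srv.MitigationsBlocked -join ', ')
        EemsErrors        = $events.Count
        LastErrorTime     = $last.TimeCreated
        LastErrorId       = $last.Id
    }
}

# Servers with EEMS enabled and recent errors are the ones to patch first.
$report |
    Sort-Object EemsErrors -Descending |
    Format-Table -AutoSize -Wrap
```

A server with EEMS enabled, an old build and repeated errors in this report matches the failure the article describes; a server with zero errors may still be affected if EEMS is disabled or the log has rolled over.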