
Microsoft has announced that outdated Exchange servers are unable to receive new emergency mitigation definitions due to the deprecation of an Office Configuration Service (OCS) certificate type. This affects the Exchange Emergency Mitigation Service (EEMS), a crucial security feature introduced in September 2021.
EEMS, which automatically applies security mitigations for high-risk vulnerabilities on Exchange servers, is experiencing connectivity issues with servers running versions older than March 2023. The service typically operates as a Windows service on Exchange Mailbox servers and is automatically installed on Exchange Server 2016 or 2019 with September 2021 or later updates.
The Impact:
– Affected servers cannot download new interim security mitigations
– Systems trigger “Error, MSExchange Mitigation Service” events
– Only servers updated after March 2023 maintain EEMS functionality
This security feature was implemented following serious security incidents, including the ProxyLogon and ProxyShell zero-day exploits, which were targeted by multiple hacking groups, including the Chinese-sponsored Hafnium group.
Microsoft strongly advises customers to:
1. Update servers immediately to secure email workloads
2. Apply the latest supported Cumulative Update (CU)
3. Maintain regular patch management
4. Run Exchange Server Health Checker for guidance
The company emphasizes that keeping Exchange servers current is crucial for maintaining security and ensuring continuous protection against emerging threats.