Microsoft Releases Updated Mitigations for Exchange Server Flaws
Microsoft has updated its Customer Guidance for Reported Zero-day Vulnerabilities in Exchange Server; Microsoft’s initial mitigations were found to be insufficient. The flaws, which are together being called ProxyNotShell, were disclosed in September. Microsoft has not said when it expects to have a fix available.
Keep an eye on the Microsoft guidance below. It has been revised at least three times. If you’re using the Microsoft provided scripts, such as EOMTv2, you need to grab the updated versions and run them again. Given that there is no patch yet, you really need to verify the path forward for on-premises Exchange servers, with an eye to getting out of that business.