Microsoft has identified an issue where outdated Exchange servers fail to receive new emergency mitigation definitions due to a deprecation in the Office Configuration Service (OCS) certificate type. These systems, already years behind modern standards, cannot auto-mitigate security issues because EEMS mitigations are no longer being downloaded from OCS.
EEMS, introduced in 2021, provides interim security fixes for high-risk Exchange Server vulnerabilities until official updates arrive. However, servers running older versions of Exchange (before March 2023) cannot access new mitigations due to the deprecation of certain certificate types. This results in “Error, MSExchange Mitigation Service” events and compromised server security.
Microsoft urges customers with outdated Exchange Servers to update their systems as soon as possible to restore EEMS functionality. Servers affected include those running versions older than March 2023, ProxyLogon zero-day exploits, or any Exchange Server CU/SU released before this date.
The issue stems from state-sponsored and financially motivated cyberattacks that exploited these vulnerabilities, highlighting the importance of prompt server upgrades for security resilience. Customers are advised to apply the latest supported updates and keep their Exchange servers patched to ensure they can deploy emergency security patches when available.
Source: https://www.bleepingcomputer.com/news/security/microsoft-outdated-exchange-servers-fail-to-auto-mitigate-security-bugs