Exchange Server administrators who are sluggish in applying updates have received a warning from Microsoft: the Exchange Emergency Mitigation Service (EEMS) may cease functioning on versions that are "significantly out of date."
Since its launch in September 2021, EEMS has provided critical support by connecting to the Office Configuration Service (OCS) to assess the status of necessary mitigations. With a documented history of vulnerabilities in Exchange Server, including incidents that have led to extensive patches, this service is vital for maintaining security.
However, Microsoft cautions that if administrators do not keep their servers updated, particularly with versions older than the March 2023 updates, they will likely lose access to vital mitigation definitions from OCS. Notably, one older type of certificate used by OCS is being phased out, and Microsoft indicated that any server updated beyond March 2023 will still be able to receive new mitigations.
Thus, if your server is at least updated to the March 2023 Security Update, you should remain protected from losing EEMS functionality. Microsoft’s classification of servers lagging behind as "significantly out of date" highlights the importance of staying current with system updates for security measures.
For system administrators, the takeaway is clear: timely updates are essential not only for security but also for the functionality of important services like EEMS.