Known issues with mitigation tactics: However, admins should note there are known issues once the mitigation is applied either manually or automatically through the EM Service.OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use Outlook Desktop client. Inline images might not display correctly in the recipient’s OWA reading pane. As a workaround, send images as email attachments or use Outlook Desktop client. OWA light (OWA URL ending in /?layout=light) does not work properly. Note that this feature was deprecated several years ago and is not intended for regular production use.Admins may get a message saying “Mitigation invalid for this Exchange version.” in mitigation details. This issue is cosmetic and the mitigation does apply successfully if the status is shown as “Applied”. Microsoft is investigating how to address this glitch.
Updates coming ‘in the future’: A Microsoft spokesperson was asked when the security update would be released. We were referred to the company’s statement. In its warning, Microsoft says security updates for impacted versions of Exchange Server will come “in the future.” They will be for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15. Those running older CU versions are urged to update now.An Exchange SE update will be released as a publicly available security update. Exchange 2016 and 2019 updates will be released only to customers who are enrolled in the Period 2 Exchange Server ESU program. Period 1-only ESU customers will not receive this update, as that program ended last month. Enderle said the fact that Microsoft issued an interim fix that breaks features like calendar printing and inline images is “a clear sign of how desperate they are to stop the bleeding.”CSOs need to move past the ‘wait and see’ approach and treat this as a litmus test for their security automation,” he said. “If your team has the Exchange Emergency Mitigation (EM) Service enabled, you should already be protected, but you need to verify that ‘Mitigation M2’ is actually active across your entire inventory. If you’re running air-gapped or have the EM service disabled, you’re sitting ducks until you manually run the EOMT script.”This is another “massive nudge” from Redmond to shift from on-premises email, Enderle added. “If you aren’t already planning your exit from on-site Exchange, your risk profile is only going to keep climbing as these zero days become the new normal. This does showcase that Azure, and web services in general, are where the industry, and particularly Microsoft, is pushing IT to go, whether they want to or not.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4171903/exchange-server-zero-day-vulnerability-can-be-triggered-by-opening-a-malicious-email.html
