Microsoft has launched a new optional protection for Microsoft Exchange servers called the Exchange Emergency Mitigation service.
This tool will automatically apply temporary mitigations to participating Microsoft Exchange servers to help protect against high-risk threats, such as the exploitation of a new vulnerability, until a security update is available and applied.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) encourages Australian organisations who manage self-hosted internet facing Microsoft Exchange servers review the Exchange Emergency Mitigation service and consider its implementation.
Details on the Exchange Emergency Mitigation service, supported platforms and configuration information are available from Microsoft.
The ASD’s ACSC urges organisations to prioritise applying security updates and patches when available, regardless of whether the new Exchange Emergency Mitigation service is utilised.
For the patching guidance please see the ASD’s ACSC's Assessing Security Vulnerabilities and Applying Patches.