Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: „[the tool is intended] to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments. This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.” CISA recommends users review the EOMT.ps1 blog post for directions on using the tool.
CISA encourages users and administrators to review the following resources for more information.
- Microsoft’s EOMT.ps1 blog post
- Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
- CISA’s Remediating Microsoft Exchange Vulnerabilities web page