Microsoft has released new security updates for all supported Exchange Server versions today. Microsoft expressly points out that the updates no fix for the zero-day vulnerabilities (ProxyNotShell). The following vulnerabilities are fixed by the security update, three of the vulnerabilities are considered critical:
The updates can be downloaded here:
Here you can find the article on the Exchange Team Blog:
Since, as already mentioned, the zero-day gaps have not yet been closed, the workaround via URL rewrite rule must be retained. The string for the Reg-Ex pattern has recently been modified several times by Microsoft. This is the current string for the URL rewrite rule:
(?=.*autodiscover)(?=.*powershell)
Instructions for configuring the URL rewrite rule can be found here:
Microsoft recommends that the updates are installed promptly.
