Hi @Sathishkumar Singh ,
"http-server-header: Microsoft-IIS/8.5 – Only available on Microsoft Serveur 2012 R2 Last CVE is 2014 on IIS 8.5
Exploitation of recent CVE (ex : CVE 10-05-2022 with 9.0 CVE Score On Microsoft Serveur 2012
R2) "
I wonder where you got this error from ? Since different testing methods focus on different directions, it is recommended that you could use healthchecker.ps1 to check that there are security vulnerabilities in your environment.
In addition, I have referred to the method you provided and operated it in my lab. I got the same result as you . I also didn't find the HTTP header " X-ASPNET-VERSION" . Since this link is not officially provided by Microsoft, we cannot guarantee the accuracy and security of this method .
I would suggest that you could refer to the following link to update the Exchange Server Security Updates to the latest version to protect your environment.
Released: August 2022 Exchange Server Security Updates - Microsoft Tech Community
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.