Article Details
Scrape Timestamp (UTC): 2024-11-27 22:35:45.262
Original Article Text
Click to Toggle View
Microsoft re-releases Exchange updates after fixing mail delivery. Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. The company announced it pulled the updates from the Download Center and Windows Update following widespread reports from admins that email had stopped flowing in their organizations. This known issue affects those customers who use transport (mail flow) rules or data loss protection (DLP) rules, which will stop periodically after installing the November Exchange Server 2016 and Exchange Server 2019 security updates. Today, the Exchange Team advised admins who installed the original November 2024 SU (Nov 2024 SUv1) to deploy the re-released November 2024 SU (Nov 2024 SUv2) that resolves the mail delivery issues in affected environments. The company also shared the following table, which provides detailed information on the actions admins must take based on their environment. If Nov 2024 SUv1… Then… was installed manually, and you do not use any transport or DLP rules, it is recommended to install the Nov 2024 SUv2 to gain more granular control over the X-MS-Exchange-P2FromRegexMatch header. was installed using Microsoft / Windows update and you do not use any transport or DLP rules, in December 2024, the server will download and install the Nov 2024 SUv2. was installed (manually or automatically) and then uninstalled to fix the issue with transport rules, install the re-released Nov 2024 SUv2. was never installed, install the re-released Nov 2024 SUv2. Microsoft also advises admins to always run the Exchange Health Checker script after installing security updates to detect common configuration issues known to cause performance issues and see if additional steps might be needed. "Servers that get automatic updates from Windows Update will see the Nov 2024 SUv2 available," the company added on Tuesday. "Please note that we have delayed the release of the Nov 2024 SUv2 to Microsoft / Windows Update until December to prevent servers from automatically installing the Nov 2024 SUv2 over the US Thanksgiving holiday." The Nov 2024 SUv2 package also adds more granular control for "Non-RFC compliant P2 FROM header detection" designed to add warnings to malicious emails suspected of exploiting a high-severity Exchange Server vulnerability (CVE-2024-49040) that can let attackers forge legitimate senders to make malicious messages a lot more effective. Redmond says CVE-2024-49040 exploitation detection and email warnings will be enabled by default on all servers where admins toggle on secure by default settings.
Daily Brief Summary
Microsoft re-released the November 2024 security updates for Exchange Server after initial versions halted email deliveries involving custom mail flow rules.
The update withdrawal occurred following complaints from administrators about disrupted email functions in organizations using transport or DLP rules.
The revised update, November 2024 SUv2, addresses and resolves the mail delivery interruptions experienced in specific environments.
Recommendations for administrators vary: those who initially installed the problematic update manually or via Windows Update are advised to install the November 2024 SUv2 regardless of their rules usage.
To prevent automatic updates during the U.S. Thanksgiving holidays, Microsoft has postponed the SUv2 rollout on its Windows Update service until December 2024.
The updated November 2024 SUv2 also includes enhancements for detecting non-RFC compliant P2 FROM headers, increasing protection against a high-severity vulnerability (CVE-2024-49040) that could allow attackers to forge legitimate email senders.
Microsoft emphasizes the importance of running the Exchange Health Checker script post-update to ensure configuration optimizations and detect any potential performance issues.