Microsoft has re-released the November 2024 Security Updates (SUs) for Exchange Server, addressing a critical issue that caused transport rules to stop functioning after a certain period in some environments.
This update comes as a response to widespread reports from administrators experiencing email delivery problems following the initial release on November 12, 2024.
The re-released update, dubbed Nov 2024 SUv2, resolves the mail delivery issues affecting customers who use transport (mail flow) rules or data loss protection (DLP) rules.
Microsoft is advising administrators to take specific actions based on their current setup:-
For those who manually installed the original update (Nov 2024 SUv1) and don’t use transport or DLP rules, it’s recommended to install Nov 2024 SUv2 for enhanced control over the X-MS-Exchange-P2FromRegexMatch header.
Servers that received the update via Microsoft/Windows Update and don’t use transport or DLP rules will automatically download and install Nov 2024 SUv2 in December 20241.
Administrators who installed the original update and then uninstalled it to address transport rule issues should install the re-released Nov 2024 SUv21.
Those who never installed the original update are advised to proceed with installing Nov 2024 SUv21.
Microsoft researchers observed that the Exchange Team has emphasized the importance of running the Exchange Health Checker script after installing security updates to detect common configuration issues and determine if additional steps are necessary.
Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.
Delayed ‘SUv2’
Notably, Microsoft has delayed the release of Nov 2024 SUv2 to Microsoft/Windows Update until December to prevent automatic installations over the U.S. Thanksgiving holiday.
This re-release also introduces more granular control for “Non-RFC compliant P2 FROM header detection,” designed to add warnings to potentially malicious emails that might exploit a high-severity Exchange Server vulnerability (CVE-2024-49040).
This feature will be enabled by default on servers with secure-by-default settings activated.
Administrators are encouraged to review the detailed information provided in the Microsoft Security Response Center and take appropriate action based on their specific Exchange Server configuration.
Timely application of these critical updates remains crucial for maintaining the security and functionality of Exchange Server environments due to the constant evolution of cybersecurity landscape.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar