Microsoft Released Patch for Exchange Server Email Spoofing Vulnerability


Microsoft has unveiled crucial Security Updates (SUs) for its Exchange Server platforms. The November 2024 update addresses several vulnerabilities in Exchange Server 2019 and 2016, specifically targeting versions Exchange Server 2019 CU13 and CU14, as well as Exchange Server 2016 CU23.

While Microsoft reports no active exploits in the wild, the tech giant strongly recommends immediate installation of these updates to safeguard user environments. The vulnerabilities were identified through Microsoft’s internal processes and responsible reporting from security partners.

SIEM as a Service

Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)

Key Highlights of the Update

  1. AMSI Integration Improvements: The update expands the capabilities of products using Exchange Server AMSI integration, allowing for additional tasks on message bodies. This feature is disabled by default and can be enabled on a per-protocol basis.
  2. Non-compliant RFC 5322 P2 FROM Header Detection: To address vulnerability CVE-2024-49040, a new feature detects non-RFC 5322 compliant P2 FROM headers in incoming emails.
  3. Enhanced ECC Certificate Support: The update improves support for ECC certificates, now usable on Edge Transport servers and bindable to POP and IMAP services.

To ensure the proper installation of these updates, Microsoft provides several tools and scripts to assist administrators in verifying their systems’ health and update status:

  • Exchange Update Wizard: Helps identify the correct cumulative update path based on the current and target CU versions.
  • Exchange Server Health Checker Script: This script inventories Exchange servers, identifies outdated components, and provides guidance on necessary updates. It should be re-run after SU installations to confirm all updates have been applied correctly.
  • SetupAssist Script: Administrators encountering issues during or after the update process can use SetupAssist to troubleshoot and resolve installation problems. Further guidance on repairing failed installations is also available.

Attend a Free Webinar on How to Maximize Cybersecurity Program ROI



Source link