Microsoft re-releases Exchange updates after fixing mail delivery

### #ExchangeServerUpdates #EmailDeliveryIssues #SecurityPatchManagement

Summary: Microsoft has re-released the November 2024 security updates for Exchange Server to address previously reported email delivery issues caused by custom mail flow rules. The update aims to resolve the problems while enhancing security measures against potential vulnerabilities.

Threat Actor: N/A | N/A
Victim: Exchange Server Users | Exchange Server Users

Key Point :

  • Microsoft pulled the original November 2024 security updates due to widespread email delivery issues.
  • The re-released update (Nov 2024 SUv2) resolves these issues and adds granular control for email header detection.
  • Admins are advised to run the Exchange Health Checker script post-update to identify configuration issues.
  • Automatic updates for the Nov 2024 SUv2 will be delayed until December to avoid disruptions during the US Thanksgiving holiday.
  • The update includes enhanced detection for a high-severity vulnerability (CVE-2024-49040) that allows attackers to forge legitimate email senders.

Microsoft Exchange

​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules.

The company announced it pulled the updates from the Download Center and Windows Update following widespread reports from admins that email had stopped flowing in their organizations.

This known issue affects those customers who use transport (mail flow) rules or data loss protection (DLP) rules, which will stop periodically after installing the November Exchange Server 2016 and Exchange Server 2019 security updates.

Today, the Exchange Team advised admins who installed the original November 2024 SU (Nov 2024 SUv1) to deploy the re-released November 2024 SU (Nov 2024 SUv2) that resolves the mail delivery issues in affected environments.

The company also shared the following table, which provides detailed information on the actions admins must take based on their environment.

If Nov 2024 SUv1…

Then…

was installed manually, and you do not use any transport or DLP rules,

it is recommended to install the Nov 2024 SUv2 to gain more granular control over the X-MS-Exchange-P2FromRegexMatch header.

was installed using Microsoft / Windows update and you do not use any transport or DLP rules,

in December 2024, the server will download and install the Nov 2024 SUv2.

was installed (manually or automatically) and then uninstalled to fix the issue with transport rules,

install the re-released Nov 2024 SUv2.

was never installed,

install the re-released Nov 2024 SUv2.

Microsoft also advises admins to always run the Exchange Health Checker script after installing security updates to detect common configuration issues known to cause performance issues and see if additional steps might be needed.

“Servers that get automatic updates from Windows Update will see the Nov 2024 SUv2 available,” the company added on Tuesday.

“Please note that we have delayed the release of the Nov 2024 SUv2 to Microsoft / Windows Update until December to prevent servers from automatically installing the Nov 2024 SUv2 over the US Thanksgiving holiday.”

The Nov 2024 SUv2 package also adds more granular control for “Non-RFC compliant P2 FROM header detection” designed to add warnings to malicious emails suspected of exploiting a high-severity Exchange Server vulnerability (CVE-2024-49040) that can let attackers forge legitimate senders to make malicious messages a lot more effective.

Redmond says CVE-2024-49040 exploitation detection and email warnings will be enabled by default on all servers where admins toggle on secure by default settings.

Source: https://www.bleepingcomputer.com/news/security/microsoft-re-releases-exchange-updates-after-fixing-mail-delivery