Microsoft Halts November 2024 Exchange Security Updates Due to Email Delivery Issues

November 15, 2024

Microsoft has temporarily suspended the November 2024 Exchange security updates that were rolled out during the recent Patch Tuesday. The suspension followed numerous complaints from administrators who reported that email services had completely ceased after the updates were installed. This problem impacts users who employ transport rules, also known as mail flow rules, or data loss protection (DLP) rules. These rules tend to stop intermittently after the installation of the November security updates for Exchange Server 2016 and 2019.

While transport rules are used to filter and redirect emails while they are in transit, DLP rules are designed to prevent sensitive information from being accidentally shared or leaked outside an organization. Microsoft has stated, "We are continuing the investigation and are working on a permanent fix to address this issue. We will release it when ready. We have also paused the rollout of November 2024 SU to Windows / Microsoft Update." Administrators who are experiencing mail flow issues have been advised by Microsoft to uninstall the problematic November security updates until they are re-released. However, those who do not use transport or DLP rules and have not encountered this issue can continue using their updated Exchange servers.

In addition to this, Microsoft disclosed a high-severity Exchange Server vulnerability (CVE-2024-49040) this week, which could allow attackers to impersonate legitimate email senders, making malicious messages appear more credible. Microsoft explained that this vulnerability is due to the current implementation of the P2 FROM header verification, which occurs during transport. The company warned that this security flaw could be exploited in spoofing attacks targeting Exchange servers. The current implementation allows some non-RFC 5322 compliant P2 FROM headers to pass, which can result in the email client (e.g., Microsoft Outlook) displaying a forged sender as if it were legitimate.

While Microsoft has not yet patched this vulnerability and will continue to accept emails with these malformed headers, the company has stated that servers will now detect and prepend a warning to malicious emails after the installation of the Exchange Server November 2024 Security Update (SU). During the November 2024 Patch Tuesday, Microsoft fixed four zero-days, two of which were being actively exploited in attacks and three that were publicly disclosed. The company also addressed four critical vulnerabilities, including two remote code execution flaws and two elevations of privileges bugs.

Related News

• Microsoft's November Update: Two Zero-Day Bugs Under Active Exploit
• Microsoft Exchange Introduces Warning for Emails Exploiting Spoofing Flaw

Latest News

• CISA Issues Warning on Active Exploitation of Additional Palo Alto Networks Vulnerabilities
• Critical Vulnerability Found in PostgreSQL PL/Perl: Varonis Issues Warning
• Russian Cybercriminals Exploit NTLM Flaw to Launch RAT Malware via Phishing Attacks
• Resurgence of China's Volt Typhoon Botnet: A Persistent Cybersecurity Threat
• End-of-Life D-Link NAS Devices Under Attack Due to Critical Bug