Ethical Hacking News
Microsoft pulls November 2024 Exchange security updates over major mail delivery issues, with some admins reporting that email delivery has stopped altogether on servers using custom mail flow rules. The company is continuing the investigation into this issue and working on a permanent fix.
The November 2024 Exchange security updates have been pulled from Windows Update and the Download Center due to widespread reports of email delivery stopping on servers using custom mail flow rules. The issue affects customers who use transport rules or data loss protection (DLP) rules, which will stop periodically after installing the November Exchange Server 2016 and Exchange Server 2019 security updates. A high-severity Exchange Server vulnerability (CVE-2024-49040) has been disclosed that allows attackers to forge legitimate senders on incoming emails to make malicious messages more effective. The vulnerability is caused by the current implementation of P2 FROM header verification, which allows non-RFC 5322 compliant headers to pass. After the Exchange Server November 2024 Security Update is installed, servers detect and prepend a warning to malicious emails, but Microsoft has not yet patched the vulnerability.
Microsoft has pulled the November 2024 Exchange security updates, which were released as part of Patch Tuesday, from Windows Update and the Download Center after widespread reports from admins that email delivery had stopped altogether on servers using custom mail flow rules.
This issue affects customers who use transport rules or data loss protection (DLP) rules, which will stop periodically after installing the November Exchange Server 2016 and Exchange Server 2019 security updates. These rules are used to filter and redirect emails in transit, just like Outlook inbox rules for emails that have already landed in the user's mailbox.
The pulled updates also relate to a spoofing vulnerability in Exchange Server. The current implementation of P2 FROM header verification, which happens in transport, allows some non-RFC 5322 compliant P2 FROM headers to pass, leading to email clients displaying forged senders as if they were legitimate. This vulnerability, known as CVE-2024-49040, can be exploited by attackers in spoofing attacks targeting Exchange servers.
The company has disclosed that the security flaw could be used in spoofing attacks, which would allow malicious messages to appear as if they came from a legitimate sender. While Microsoft has not patched the vulnerability and will still accept emails with these malformed headers, Redmond says that servers will now detect and prepend a warning to malicious emails after installing the Exchange Server November 2024 Security Update.
In a statement, Microsoft explained that it is continuing to investigate this issue and is working on a permanent fix. It also advised admins who see mail flow issues to uninstall the buggy November security updates until they are re-released. However, those who don't use transport or DLP rules and have not run into this issue can continue using their up-to-date Exchange servers.
This is not the only security work Microsoft shipped this month. As part of the November 2024 Patch Tuesday, Microsoft also fixed four zero-days and addressed four critical vulnerabilities, including two remote code execution flaws and two elevation-of-privilege bugs.
In related news, Microsoft has disclosed a high-severity Exchange Server vulnerability (CVE-2024-49040) that can let attackers forge legitimate senders on incoming emails to make malicious messages much more effective. The company has warned that the security flaw could be used in spoofing attacks targeting Exchange servers.
The vulnerability is caused by the current implementation of the P2 FROM header verification, which happens in transport. This implementation allows some non-RFC 5322 compliant P2 FROM headers to pass, leading to email clients displaying forged senders as if they were legitimate.
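As an added example (not Microsoft's detection logic and not code from the original article), the Python below shows one way a defender could flag a message whose P2 FROM, meaning the From: header inside the message rather than the SMTP envelope sender, is not exactly one well-formed RFC 5322 mailbox. The grammar is a deliberately conservative subset of RFC 5322 chosen for this example, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Conservative subset of the RFC 5322 section 3.4 grammar (an assumption of
# this example): exactly one mailbox, either a bare addr-spec or an optional
# display name followed by <addr-spec>. Groups, comments and address lists
# are legal in RFC 5322 but are flagged here for manual review.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
DOT_ATOM = rf"{ATEXT}(?:\.{ATEXT})*"
ADDR_SPEC = rf"{DOT_ATOM}@{DOT_ATOM}"
QUOTED = r'"(?:[^"\\\r\n]|\\.)*"'
WORD = rf"(?:{QUOTED}|{ATEXT})"
MAILBOX = re.compile(
    rf"(?:(?:{WORD}(?:\s+{WORD})*\s*)?<{ADDR_SPEC}>|{ADDR_SPEC})"
)


def check_p2_from(raw_message: str) -> list:
    """Return findings for the From: header; an empty list means it passed."""
    values = message_from_string(raw_message).get_all("From") or []
    # RFC 5322 requires the From field to appear exactly once.
    if len(values) != 1:
        return [f"expected exactly one From header, found {len(values)}"]
    # Unfold continuation lines before matching.
    value = re.sub(r"\r?\n[ \t]+", " ", str(values[0])).strip()
    if not MAILBOX.fullmatch(value):
        return [f"From is not a single RFC 5322 mailbox: {value!r}"]
    return []


def triage(messages: dict) -> dict:
    """Map message name to findings, keeping only the flagged messages."""
    results = {name: check_p2_from(raw) for name, raw in messages.items()}
    return {name: found for name, found in results.items() if found}


# Constructed sample messages (not from the article or from real traffic).
SAMPLES = {
    "ok-display-name": "From: Alice Example <alice@example.com>\nSubject: a\n\nhi\n",
    "ok-bare": "From: alice@example.com\nSubject: b\n\nhi\n",
    "ok-quoted": 'From: "Example, Alice" <alice@example.com>\nSubject: c\n\nhi\n',
    "ok-folded": "From: Alice Example\n <alice@example.com>\nSubject: d\n\nhi\n",
    "bad-unclosed": "From: Alice Example <alice@example.com\nSubject: e\n\nhi\n",
    "bad-no-address": "From: Alice Example\nSubject: f\n\nhi\n",
    "bad-duplicate": "From: alice@example.com\nFrom: bob@example.net\nSubject: g\n\nhi\n",
    "bad-missing": "Subject: h\n\nhi\n",
}

if __name__ == "__main__":
    for name, findings in triage(SAMPLES).items():
        print(name, findings)
```

A message flagged by a check like this is a candidate for quarantine or a warning banner; because the subset is stricter than RFC 5322, expect some legitimate but unusual From headers to be flagged as well.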
In conclusion, Microsoft's decision to pull the November 2024 Exchange security updates is a significant development in the company's efforts to address major mail delivery issues. The issue affects customers who use transport rules or data loss protection (DLP) rules, which will stop periodically after installing the November Exchange Server 2016 and Exchange Server 2019 security updates.
Overall, this development highlights the importance of cybersecurity and the need for companies like Microsoft to continually monitor and address potential vulnerabilities in their software updates.
Related Information:
https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-exchange-security-updates-over-mail-delivery-issues/
https://nvd.nist.gov/vuln/detail/CVE-2024-49040
https://www.cvedetails.com/cve/CVE-2024-49040/
Published: Fri Nov 15 09:56:50 2024 by llama3.2 3B Q4_K_M