Microsoft has pulled the November 2024 Exchange security updates released during this month's Patch Tuesday due to email delivery issues on servers using custom mail flow rules.
The company announced it pulled the updates from Windows Update and the Download Center following widespread reports from admins saying that email had stopped flowing altogether.
This issue affects customers using transport rules (also known as mail flow rules) or data loss protection (DLP) rules, which will stop periodically after installing the November Exchange Server 2016 and Exchange Server 2019 security updates.
While mail flow rules filter and redirect emails in transit (much like Outlook inbox rules do for emails that have already landed in the user's mailbox), DLP rules prevent sensitive information from being accidentally shared or leaked outside an organization.
“We are continuing the investigation and are working on a permanent fix to address this issue. We will release it when ready. We have also paused the rollout of November 2024 SU to Windows / Microsoft Update,” Redmond said.
Microsoft also advised admins who see mail flow issues to uninstall the buggy November security updates until they are re-released. However, those who don't use transport or DLP rules and haven't run into this issue can continue using their up-to-date Exchange servers.
Warnings on emails abusing spoofing flaw
This week, Microsoft also disclosed a high-severity Exchange Server vulnerability (CVE-2024-49040) that can let attackers forge legitimate senders on incoming emails to make malicious messages much more effective.
“The vulnerability is caused by the current implementation of the P2 FROM header verification, which happens in transport,” Microsoft explained, warning that the security flaw could be used in spoofing attacks targeting Exchange servers.
“The current implementation allows some non-RFC 5322 compliant P2 FROM headers to pass which can lead to the email client (for example, Microsoft Outlook) displaying a forged sender as if it were legitimate.”
While Microsoft has not patched the vulnerability and will still accept emails with these malformed headers, Redmond says servers will now detect and prepend a warning to malicious emails after installing the Exchange Server November 2024 Security Update (SU).
Microsoft fixed four zero-days during the November 2024 Patch Tuesday fixes, two actively exploited in attacks and three publicly disclosed.
It also addressed four critical vulnerabilities, including two remote code execution flaws and two elevation of privilege bugs.