Microsoft has issued a revised November 2024 security update (SUv2) for Exchange Server, following the withdrawal of the initial release (SUv1) that caused email delivery disruptions. The problems primarily impacted servers utilizing custom mail flow rules and Data Loss Protection (DLP) configurations.
Update Implementation Guidelines:
1. Manual SUv1 Users (Without Transport/DLP Rules):
– Upgrade to SUv2 to enhance X-MS-Exchange-P2FromRegexMatch header management
2. Automatic SUv1 Users (Without Transport/DLP Rules):
– Automatic SUv2 deployment scheduled for December 2024
3. SUv1 Installed/Uninstalled Environments:
– Immediate SUv2 installation required
4. Systems Without November Updates:
– Direct SUv2 installation recommended
Technical Enhancements:
– Improved protection against CVE-2024-49040 vulnerability
– Enhanced “Non-RFC compliant P2 FROM header detection”
– Default email warning system with secure settings
Administrative Requirements:
– Post-installation Exchange Health Checker script execution mandatory
– Windows Update deployment scheduled post-US Thanksgiving
– Default security settings activated for email warning system
This revision addresses previous functionality issues while enhancing email security measures.