Microsoft re-releases Exchange updates after fixing mail delivery

Microsoft Exchange

​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules.

The company announced it pulled the updates from the Download Center and Windows Update following widespread reports from admins that email had stopped flowing in their organizations.

This known issue affects those customers who use transport (mail flow) rules or data loss protection (DLP) rules, which will stop periodically after installing the November Exchange Server 2016 and Exchange Server 2019 security updates.

Today, the Exchange Team advised admins who installed the original November 2024 SU (Nov 2024 SUv1) to deploy the re-released November 2024 SU (Nov 2024 SUv2) that resolves the mail delivery issues in affected environments.

The company also shared the following table, which provides detailed information on the actions admins must take based on their environment.

If Nov 2024 SUv1…

Then…

was installed manually, and you do not use any transport or DLP rules,

it is recommended to install the Nov 2024 SUv2 to gain more granular control over the X-MS-Exchange-P2FromRegexMatch header.

was installed using Microsoft / Windows update and you do not use any transport or DLP rules,

in December 2024, the server will download and install the Nov 2024 SUv2.

was installed (manually or automatically) and then uninstalled to fix the issue with transport rules,

install the re-released Nov 2024 SUv2.

was never installed,

install the re-released Nov 2024 SUv2.

Microsoft also advises admins to always run the Exchange Health Checker script after installing security updates to detect common configuration issues known to cause performance issues and see if additional steps might be needed.

“Servers that get automatic updates from Windows Update will see the Nov 2024 SUv2 available,” the company added on Tuesday.

“Please note that we have delayed the release of the Nov 2024 SUv2 to Microsoft / Windows Update until December to prevent servers from automatically installing the Nov 2024 SUv2 over the US Thanksgiving holiday.”

The Nov 2024 SUv2 package also adds more granular control for “Non-RFC compliant P2 FROM header detection” designed to add warnings to malicious emails suspected of exploiting a high-severity Exchange Server vulnerability (CVE-2024-49040) that can let attackers forge legitimate senders to make malicious messages a lot more effective.

Redmond says CVE-2024-49040 exploitation detection and email warnings will be enabled by default on all servers where admins toggle on secure by default settings.