News: 1731673755

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Microsoft Exchange update fixes security flaws, breaks other stuff

(2024/11/15)


Microsoft is pausing the rollout of an Exchange security update after it became clear that the patch could break transport rules for some customers.

The [1]November 2024 Security Updates deal with various vulnerabilities in Microsoft's email server. While Exchange Online is already protected, customers using Exchange in a hybrid mode or fully on-premises must install the patches.

That is, unless the patches are abruptly pulled. On November 14, Microsoft admitted that customers with their own transport or data loss protection (DLP) rules found that the transport rules were "stopping periodically" after the update was installed. The company then "temporarily paused the rollout" of the update.

[2]

Some affected users have [3]reported that, in a worst case scenario, email may stop flowing altogether. Obviously implementation varies widely from org to org, and only a subset of users are affected. Microsoft has noted that "Customers who might not use Transport or DLP rules and did not run into the issue with rules, can continue using the November SU update."

[4]

[5]

The Register contacted Microsoft for more detail on the failure modes and we will update this article should the company respond."

The mail must flow

DLP focuses on securing critical information in Exchange Server, with DLP policies being simple packages containing a collection of transport rules. Transport rules, also known as mail flow rules, are similar to those used in Outlook, governing actions on mail as it arrives in a user's mailbox. The main difference is that the rules are applied to messages in transit before they are delivered to the user.

Transport rules are helpful for enterprises since they can enforce compliance and deal with mail exceptions before a user lays eyes on the message. They can inspect attachments, add prefixes to message subjects, insert disclaimers into message bodies, and perform other functions. Assuming, of course, the rules are actually working.

[6]Microsoft Power Pages misconfigurations exposing sensitive data

[7]Microsoft finally releases a direct-download Windows 11 on Arm ISO

[8]Microsoft 365 Copilot goes monthly for a 5% premium and annual commitment

[9]Microsoft slips Task Manager and processor count fixes into Patch Tuesday

Social media forums, such as [10]Reddit , were abuzz with complaints about transport rules failing to function after the security update was installed. Some users reported a temporary restoration of functionality after restarting the service, but the issue recurred. Microsoft's advice to affected users is to uninstall the update and await a re-release.

Microsoft deserves credit for quickly pulling the faulty update, though it clearly needs to reevaluate its testing practices – Exchange's transport rules function is key for many organizations, and breaking such a critical function with a mandatory security update reflects poorly on the Windows giant's quality control.

Microsoft has [11]urged organizations to protect Exchange Servers from cyberattacks by keeping them updated with the latest security updates. Exchange's problematic security was a factor in [12]delaying the next version until 2025. ®

Get our [13]Tech Resources



[1] https://techcommunity.microsoft.com/blog/exchange/released-november-2024-exchange-server-security-updates/4293125

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zzd-MdFJjItPH3TcefBc3AAAANI&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://www.reddit.com/r/exchangeserver/comments/1graot8/mail_not_flowing_all_of_the_sudden/

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zzd-MdFJjItPH3TcefBc3AAAANI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/applications&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zzd-MdFJjItPH3TcefBc3AAAANI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://www.theregister.com/2024/11/15/microsoft_power_pages_misconfigurations/

[7] https://www.theregister.com/2024/11/14/windows_11_arm_iso/

[8] https://www.theregister.com/2024/11/14/microsoft_365_copilot_monthly/

[9] https://www.theregister.com/2024/11/13/microsoft_task_manager_patch_tuesday/

[10] https://www.reddit.com/r/exchangeserver/

[11] https://www.theregister.com/2023/01/28/microsoft_patch_exchange_servers/

[12] https://www.theregister.com/2022/06/06/next_exchange_server_due_2025/

[13] https://whitepapers.theregister.com/



yo-yo patching

Kevin Johnston

When you have a company which is notorious for treating security as a bolt-on extra it becomes very difficult to take anything they say about security requirements seriously. As for the 'reevaluate its testing practices' that has to be clickbait after the near-daily articles on this esteemed publication about MS using customers for beta testing

Re: yo-yo patching

Anonymous Coward

Feels like the yo-yo CoPilots are patching [1]the asylum IMHO.

[1] https://www.theregister.com/2024/11/11/windows_server_2025_opinion/

Doctor Syntax

TMMM should be mandatory reading for all Microsofties from the very top donw. Particularly the very top. Start by paying attention to the bit about the tar pit.

Lee D

Microsoft, please listen.

Alpha channel.

Beta channel.

Release channel.

Things like this should not be discovered ON PRODUCTION SYSTEMS.

Channels

original_rwg

Ah the old days when we only had three channels and you had to cross the room to change it....

Re: Channels

Doctor Syntax

Three channels? We only had two.

Re: Channels

Will Godfrey

What are these 'channels' you speak of?

Is this stuff even newsworthy any more?

m4r35n357

More like a weather forecast than a news story ;)

it clearly needs to reevaluate its testing practices

StinkyMcStinkFace

LOL!!!! The What?

That's where the money was.
-- Willie Sutton, on being asked why he robbed a bank

It's a rather pleasant experience to be alone in a bank at night.
-- Willie Sutton