We have not released an update for Exchange 2016 today. For Exchange 2016 servers, follow Configure Windows Extended Protection in Exchange Server if Extended Protection is not already enabled in your organization. Please note that CVE 2024-21410 also applies to Exchange Server 2016. Our recommendation for securing the server published by the modern agent can be found here. On these servers, run Exchange Server CU14 setup in unattended mode and use the /DoNotEnableEP_FEEWS switch to not enable Extended Protection on the EWS front end virtual directory. Identify the Exchange Servers which are published via Modern Hybrid agent, by following the steps outlined in this section of documentation. Modern Hybrid agent is used to publish Exchange Server to the internet in hybrid scenario Check this table for your Public Folder scenario. Move all Public folders to currently supported versions, decommission Exchange Server 2013 which is out of support. Public folders hosted on Exchange Server 2013, 2016 CU22 (or older) or 2019 CU11 (or older) Use SSL bridging instead with the same SSL certificate as on Exchange Server IIS front end. If Extended Protection is enabled via Exchange Server CU14, the installer will take care of disabling SSL Offloading for Outlook Anywhere. SSL Offloading for Outlook Anywhere must be disabled. If you have servers that currently do not meet the prerequisites for EP, please see the following table: Please see Configure Windows Extended Protection in Exchange Server. On all other versions of Exchange that support it, enabling EP addresses this CVE. To address CVE-2024-21410 (also released today) – please allow CU14 Setup to enable Extended Protection (EP) on your Exchange 2019 servers. Support for TLS 1.3 will be released in CU15 later this year. We’re still testing and validating TLS 1.3 with Exchange Server and do not want to delay the release of CU14. We previously announced plans to support TLS 1.3 when running on Windows Server 2022 in CU14. The Exchange Server supportability matrix has been updated to reflect this change. NET Framework 4.8.1, which is only for Windows Server 2022 (and it cannot be installed on older versions). NET Framework 4.8.1 support on Windows Server 2022ĬU14 also introduces support for. To help you decide how to proceed, we are providing the following decision flow: Additional information can be found in the documentation. If you haven’t enabled EP yet, it is time to take this step and further secure your Exchange server environment. That said, we originally released Exchange Server EP support in August 2022. If that happens, you must either make the configuration changes to fulfill the prerequisites for EP (recommended), or use the EP script to disable EP on this server after Setup has completed (and in the future, use the Setup switch to opt-out of EP on all servers that do not yet meet EP prerequisites). If your servers are not ready for using EP (for example, they use SSL offloading or there are mismatches between client and server TLS configuration), and you do not opt out of EP enablement during Setup, it is possible that some functionality may break after installing CU14. Prerequisites for enabling Extended Protection on Exchange server.Exchange Server Health Checker script or the new PrerequisitesCheckOnly parameter in our ExchangeExtendedProtectionManagement.ps1 script.To validate that your organization is ready, please review the following before running Setup: While Setup enables EP by default, it does not validate that your organization is ready for or able to use EP. Please see the EP setup documentation for more information. This will happen when running the GUI version of Setup and when running the command line version of Setup without using either the /DoNotEnableEP or /DoNotEnableEP_FEEWS setup switch to opt out. Extended Protection enabled by defaultĪs announced in August 2023, by default, starting with CU14, Setup enables the Windows Extended Protection (EP) feature on the Exchange server being installed. CU14 includes fixes for customer reported issues, a security change, and all previously released Security Updates (SUs).Ī full list of fixes is contained in the KB article for CU14, but we also want to highlight a few changes in this CU. Today we are announcing the availability of the 2024 H1 Cumulative Update (CU) for Exchange Server 2019 (aka CU14).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |