Guten Morgen zusammen, diese Informationen beziehen sich auf Exchange 2019. Bevor Ihr euch nun auf die Suche nach diesem Patch macht möchte ich diese Information mit Euch teilen: ******************* Hello Thomas, Thank you for your time and collaboration today. This support request will now be archived. If you have further problems within the scope of this issue, please do reopen the support request. Your feedback is important to us. Let me a comment will be a pleasure to read about :) After this interaction you will receive a separate closure email with an opportunity to tell us about your experience. In addition, if you would like to discuss any feedback you can contact me or my manager using the contact information in my signature. Below is a summary of the support request for your records: Symptom: CVE 2024 21410 Where can we have the fix SU for the CVE Cause: Actually there is no SU, since its already patched when the EP Extended Protection is Enabled. Released: 2024 H1 Cumulative Update for Exchange Server - Microsoft Community Hub <https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506> CVE-2024-21410 information To address CVE-2024-21410 <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410> (also released today) – please allow CU14 Setup to enable Extended Protection (EP) on your Exchange 2019 servers. On all other versions of Exchange that support it, enabling EP addresses this CVE. Please see Configure Windows Extended Protection in Exchange Server <https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection> . More information: Verification of the healthchecker, EP Extended protection is Enabled - No CVE 2024 21410 viewed just the following : Security Vulnerability: Download Domains are not configured. You should configure them to be protected against CVE-2021-1730. Good article about. <https://www.alitajran.com/cve-2021-1730-vulnerability/> Released: May 2021 Exchange Server Security Updates - Microsoft Community Hub <https://techcommunity.microsoft.com/t5/exchange-team-blog/released-may-2021-exchange-server-security-updates/ba-p/2335209> No issue to wait March for the deployment CU 14. Thank you again for contacting us and I wish you a great day. Regards - Cordialement, Dany DYM Microsoft Exchange On-Premises Support Engineer +40 (31) 1330820 Email: danyjoeldym@microsoftsupport.com <mailto:alin.mihalcea@microsoft.com> Manager: Daniela Colmer (daniela.colmer@microsoft.com <mailto:daniea@microsoft.com> ) ******************* D.h. installiertes CU13 mit aktivierter EP Extended protection. Viele Grüße Thomas -----Original Message----- From: Bernd Kohler <kohler@itc.rwth-aachen.de> Sent: Thursday, February 15, 2024 8:16 AM To: rwth-security@lists.RWTH-Aachen.DE Subject: [rwth-security] Critical Exchange Server Flaw (CVE-2024-21410) Under Active Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation" --> vorgestern war Patch Tuesday ;) VG Bernd [0] https://thehackernews.com/2024/02/critical-exchange-server-flaw-cve-2024.htm... -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler@itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen