Guten Morgen zusammen,

diese Informationen beziehen sich auf Exchange 2019. Bevor Ihr euch nun auf die Suche nach diesem Patch macht möchte ich diese Information mit Euch teilen:

******************* Hello Thomas,

Thank you for your time and collaboration today.

This support request will now be archived. If you have further problems within the scope of this issue, please do reopen the support request.

Your feedback is important to us. Let me a comment will be a pleasure to read about :)

After this interaction you will receive a separate closure email with an opportunity to tell us about your experience. In addition, if you would like to discuss any feedback you can contact me or my manager using the contact information in my signature.

Below is a summary of the support request for your records:

Symptom: CVE 2024 21410 Where can we have the fix SU for the CVE

Cause: Actually there is no SU, since its already patched when the EP Extended Protection is Enabled. Released: 2024 H1 Cumulative Update for Exchange Server - Microsoft Community Hub https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506

CVE-2024-21410 information

To address CVE-2024-21410 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410 (also released today) – please allow CU14 Setup to enable Extended Protection (EP) on your Exchange 2019 servers. On all other versions of Exchange that support it, enabling EP addresses this CVE. Please see Configure Windows Extended Protection in Exchange Server https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection .

More information: Verification of the healthchecker, EP Extended protection is Enabled - No CVE 2024 21410 viewed just the following :

Security Vulnerability: Download Domains are not configured. You should configure them to be protected against CVE-2021-1730.

Good article about. https://www.alitajran.com/cve-2021-1730-vulnerability/ Released: May 2021 Exchange Server Security Updates - Microsoft Community Hub https://techcommunity.microsoft.com/t5/exchange-team-blog/released-may-2021-exchange-server-security-updates/ba-p/2335209

No issue to wait March for the deployment CU 14.

Thank you again for contacting us and I wish you a great day.

Regards - Cordialement, Dany DYM Microsoft Exchange On-Premises Support Engineer +40 (31) 1330820 Email: danyjoeldym@microsoftsupport.com mailto:alin.mihalcea@microsoft.com Manager: Daniela Colmer (daniela.colmer@microsoft.com mailto:daniea@microsoft.com ) *******************

D.h. installiertes CU13 mit aktivierter EP Extended protection.

Viele Grüße

Thomas

-----Original Message----- From: Bernd Kohler kohler@itc.rwth-aachen.de Sent: Thursday, February 15, 2024 8:16 AM To: rwth-security@lists.RWTH-Aachen.DE Subject: [rwth-security] Critical Exchange Server Flaw (CVE-2024-21410) Under Active

Hallo zusammen,

sofern nicht selber schon gesehen/-lesen hier [0] FYI

"Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation"

--> vorgestern war Patch Tuesday ;) VG

Bernd

[0] https://thehackernews.com/2024/02/critical-exchange-server-flaw-cve-2024.htm...