Security updates have been released for Exchange 2016 and Exchange 2019.
The updates fix the following vulnerability and implements a security advisory;
- CVE-2024-49040: Microsoft Exchange Server Elevation of Privilege Vulnerability
The vulnerability currently is publicly disclosed but not yet exploited. As it is rated “Exploitation More Likely”, it is highly recommended to update as soon as possible.
The update also comes with the following new features;
- MSIPC enabled by default in Exchange Server 2019 and 2016 – Microsoft Support
- AMSI integration with Exchange Server | Microsoft Learn
- Digital certificates and encryption in Exchange Server | Microsoft Learn
- Exchange Server non-Compliant P2 FROM header detection | Microsoft Learn
In addition, there are 9 non-security fixes included in this update.
View: Exchange Blog: Released: November 2024 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019 and 2016: November 12, 2024 (KB5044062)
Exchange 2019 CU14 SU3 – Download
Exchange 2019 CU13 SU7 – Download
Exchange 2016 CU23 SU14 – Download