Exchange Team Blog
Re-release of November 2024 Exchange Server Security Update packages

The_Exchange_Team
Nov 27, 2024

Today we are re-releasing the November 2024 SUs for Exchange Server. The original release of these SUs (released on 11/12/2024) introduced an issue with Exchange Server transport rules stopping after a certain amount of time in some environments. The re-released SUs resolve this issue.

To help you understand how to move forward, in this post we use the following naming convention to distinguish between the original November 2024 SU and the re-release:

  • Nov 2024 SUv1: original November 2024 SU (released on 11/12/2024 with article KB5044062)
  • Nov 2024 SUv2: re-released November 2024 SU (released on 11/27/2024 with article KB5049233)

The following table describes the actions you need to take based on your environment:

| If Nov 2024 SUv1… | Then… |
|---|---|
| was installed manually and you do not use any transport or DLP rules, OR was installed manually and you had a problem with rules stopping but used some sort of workaround to keep the rules running, | it is recommended to install the Nov 2024 SUv2 to gain more granular control over the X-MS-Exchange-P2FromRegexMatch header. Please see the FAQ below. |
| was installed using Microsoft / Windows update and you do not use any transport or DLP rules, | download and install the Nov 2024 SUv2 (it will not be released on Microsoft / Windows update for automatic installation). |
| was installed (manually or automatically) and then uninstalled to fix the issue with transport rules, | install the re-released Nov 2024 SUv2. |
| was never installed, | install the re-released Nov 2024 SUv2. |

Download links are updated in the November 2024 SU announcement blog post.

For any additional actions you might need to take after installing the Nov 2024 SUv2, please see the original release blog post. You should always run Exchange Health Checker to see if any additional steps might be needed.

An issue reported during installation in January 2025

Over the last week, we have heard from a number of customers with the following problem; please review this KB article if you have an error installing a November SU:

File version error when you try to install Exchange Server November 2024 SU

FAQs

We installed the original Nov 2024 SUv1 manually and had no problems. Do we need to install the Nov 2024 SUv2?
Yes. We recommend installing the Nov 2024 SUv2. Please see below for more details.

We installed the Nov 2024 SUv1 through Microsoft / Windows Update and had no problems. Will our server install the Nov 2024 SUv2 automatically?
No. Please see the "Are Nov 2024 SUv2 packages going to be released on Windows / Microsoft update?" question below.

What are the differences between the Nov 2024 SUv1 and Nov 2024 SUv2 packages?
The Nov 2024 SUv2 package resolves the transport rules issue introduced in the Nov 2024 SUv1 package. It also adds more granular control for “Non-RFC compliant P2 FROM header detection.” More details can be found here.

Are Nov 2024 SUv2 packages going to be released on Windows / Microsoft update?
Because of the known issues after the installation (please see this KB article) we have decided not to release the updates on Windows / Microsoft update. While we have not seen many customers have this issue, the fact that the solution to the issue requires manual intervention means that we want our customers to deliberately install Nov 2024 SU packages.

Due to how we install updates, we need the update in the .msp format and not the .exe format. How can we get the .msp if the update is not published to Windows Update Catalog?
Extract the .msp by doing the following: download the .exe package you need to a workstation that does not have Exchange installed and double-click on it. The update will fail to install and display an error message, but a command line window will display where the package was extracted (usually a temporary folder). Copy the .msp file from the temporary folder before dismissing the error message (dismissing the error removes the files from the temporary folder).

The original Nov 2024 SU blog post, applicable CVEs, and our recommended actions post-installation still apply.

The Exchange Server Team

Updated Jan 28, 2025
Version 11.0

174 Comments

  • exch_admin

    In our case, the installation of v2 has been stuck at Starting Services for over an hour now. The services cannot be started manually either. We have EX2019 CU14. Ticket opened with Microsoft.

  • andy1330

    Does the patch work with Exchange 2016 CU23 on Windows 2012 R2 with ESU? System requirement says it is for Windows 2016/2019 only. If it doesn't support Windows 2012 R2 with ESU, what is our option to address CVE-2024-49040? Thanks

    • Nino_Bilic (Microsoft)

      We have not committed to this as of yet. We are still trying to fully understand the impact of this on our customer environments.

    • yyagi

      Hi LukasSMSFT

      This worked but strange that I needed this yesterday (12/12), and I installed the SUv2 on (12/3).
      One issue I'm still seeing is the Transport service keeps restarting, and I still have several messages stuck in the Poison queue. Most of these are for journaling and look to be encrypted. How do we clear out the poison queue? Looks to be the same issue Nick81008100 was having. I'd like to not have to uninstall the patch now that things are mostly working. Except for the MS Transport service issue.

      Thanks!

    • AC1CT

      One thing that seems like it should work for this is to make a backup copy of the IanaTimeZoneMappings.xml file before you install KB5049233, and then after the KB has installed but before you reboot the server, put the backup copy (essentially the original file) back in place. That precludes the need to restart the services. You're already going to reboot the server, so just do the file switching before you reboot.

      I have a process I've used for years to install SU patches (using the MSP file) remotely. I've added this logic to the code and am trying it on a server in the lab now to make sure it results in the file without the duplicated entry in place. (On a different lab server, I ran the install without that logic, and verified that duplicated line is the only difference between the original file and the post-KB file.)

      With these steps, I'll have three files - IanaTimeZoneMappings.xml (the pre-KB version), preKB5049233_IanaTimeZoneMappings.xml (the pre-KB version), and postKB5049233_IanaTimeZoneMappings.xml (the post-KB version). Should allow for fallback if the need arises.

      • LukasSMSFT (Microsoft)

        There are some changes in the IanaTimeZoneMappings.xml which were introduced to address: Kazakhstan changes to single time zone in 2024 - Microsoft Support

        If you replace the file which is dropped as part of the November 2024 SU, the change would be reverted. What you can do instead is to install the November 2024 SU, remove the duplicate entry and use this IanaTimeZoneMappings.xml then for further installations.

    • nwiegmann

      I can now confirm that after removing the entries and restarting the transport the issue with the crash of the transport service is fixed for us and the internal app with the calendar attachments works again. 
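
The duplicate-entry check discussed in the comments above, as an added PowerShell example that is not part of the original post, any commenter's script, or Microsoft's tooling. The page does not show the layout of IanaTimeZoneMappings.xml, so the code is schema-agnostic (it reports and removes only identical sibling elements) and the element and attribute names in the sample are constructed placeholders.

```powershell
# Added example. Works on any XML file; nothing here assumes the real schema of
# IanaTimeZoneMappings.xml, which the page does not show.

function Get-DuplicateXmlEntry {
    # Report child elements that occur more than once, identically, under one parent.
    param([Parameter(Mandatory)][xml]$Document)
    foreach ($parent in @($Document.SelectNodes('//*[*]'))) {
        @($parent.SelectNodes('*')) |
            Group-Object -Property { $_.get_OuterXml() } |
            Where-Object { $_.Count -gt 1 } |
            ForEach-Object {
                [pscustomobject]@{
                    Parent = $parent.get_LocalName()
                    Entry  = $_.Name
                    Copies = $_.Count
                }
            }
    }
}

function Remove-DuplicateXmlEntry {
    # Keep the first copy of each repeated entry; return the number of nodes removed.
    param([Parameter(Mandatory)][xml]$Document)
    $removed = 0
    foreach ($parent in @($Document.SelectNodes('//*[*]'))) {
        $seen = New-Object 'System.Collections.Generic.HashSet[string]'
        foreach ($child in @($parent.SelectNodes('*'))) {
            if (-not $seen.Add($child.get_OuterXml())) {
                [void]$parent.RemoveChild($child)
                $removed++
            }
        }
    }
    $removed
}

# Constructed sample with placeholder names, standing in for a post-update copy.
[xml]$doc = @'
<Mappings>
  <Map Id="Example/ZoneA" Target="Example Standard Time A" />
  <Map Id="Example/ZoneB" Target="Example Standard Time B" />
  <Map Id="Example/ZoneB" Target="Example Standard Time B" />
</Mappings>
'@

Get-DuplicateXmlEntry -Document $doc | Format-List
$count = Remove-DuplicateXmlEntry -Document $doc
"Removed $count duplicate entr$(if ($count -eq 1) { 'y' } else { 'ies' })"
# For a real file: [xml]$doc = Get-Content -Raw -LiteralPath <copy of the file>
# then $doc.Save(<new path>) and compare against the original before using it.
```

Run it against a copy of the file rather than the one in the Exchange installation directory, and keep the untouched post-update file alongside the cleaned one so the change can be reverted.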

  • BogiB

    There is a lack of cases in your table above...

    What if Nov 2024 SUv1 is installed and WE HAVE Problems and WE USE Transport Rules?

    then....???

    • Nino_Bilic (Microsoft)

      ...you can simply install Nov 2024 SUv2 on top of it. I did not include this in the table because I made an assumption that folks either did not go forward or uninstalled the update. I now added this scenario to the table.

      Our publicly released updates are always cumulative. You can always go from previous SU > later SU (providing that the later SU is available for the base CU you have installed).

  • ExchangeUser

    We installed the "V2" patch yesterday evening; now we have an issue of delayed mails inside the organization, internal mail not flowing. Restarting the "Microsoft Exchange RPC Client Access" is the only thing that "fixes" the issue.

    I noticed event 7031 "The Microsoft Exchange Mailbox Transport Delivery service terminated unexpectedly"

    Going to uninstall it later today.

    Something is very wrong with this update.

    • JimRedbeard

      I think Microsoft is focused more on DEI than quality control.

    • LukasSMSFT (Microsoft)

      Do you still see the issue of delayed mail flow after following the steps in the KB?

    • nwiegmann

      I can confirm issues with the transport service that exist in the V1 and V2.

      In our case we got mail from an internal app that includes .ical files for calendar entries. Those mails all got sent to the Poison Queue since the V1 update. And sometimes they cause a restart of the Transport Service.

      The transport process failed during message processing with the following call stack: Microsoft.Exchange.ExchangeSystem.InvalidTimeZoneException: Time zone id already exists

      We suspended all queues, removed the mails from that app and resumed the queues.

      Today we had 4 hours of downtime because of this. We therefore installed the V2 patch and hoped it would fix the issue, but the issue stays the same. Even with the P2From detection disabled via settings override.

      We now had to stop the internal app from sending mails at all. But from our understanding this could happen with any mail containing an .ical attachment.

      • Davyd_

        Can confirm that there is a problem with messages from Google Calendar getting into the poisoning queue - however, this happens both on servers with the November v1 fix and with the April one. I'm not sure if the problem is reproducible with v2.
        Most of the messages have .ics attachments and are event cancellation messages.

        Mix of Exchange 2016 CU23 and 2019 CU14

  • ImJimmyBye

    When will this be added to the Microsoft Update Catalog? All links still point to KB5044062 and the new KB isn't on there. Is the upload to Microsoft Update Catalog delayed until December in line with the comment relating to Microsoft / Windows Update being delayed? 

    • Nino_Bilic (Microsoft)

      Yes; Microsoft Update & Update Catalog are basically one process. We wanted to delay automatic update downloads until next week...

      Why do you need the Update Catalog? You can download the .EXE and extract the .MSP if that is what you need. I just tried it: download the .EXE to any workstation that does not even have Exchange installed. Double click on it. It might UAC prompt, approve that. It will open a CMD window and throw an error but the CMD window will show you where the .msp was extracted (in my case, C:\Users\(username)\AppData\Local\Temp\) - simply grab the .msp from there before cancelling the installation / pressing OK on the error popup (which will initiate the cleanup of the temp folder).

      • ImJimmyBye

        It's more related to firewall restrictions and USB transfer restrictions for my work environment, as well as file type download restrictions. But I'll work something out, thanks!

  • 4ppl3c0r3

    Exchange 2019 CU14 Apr24HU -> Exchange 2019 CU14 Nov24SUv2 updated successfully.

    Thank you!

    • ceantuco

      You are brave, my friend. Thank you! Please let us know if you encounter any issues.

      • 4ppl3c0r3

        Either brave or stupid, but with CVE-2024-49040 in the wild and actively being exploited (as reported by others); I'd rather give the The_Exchange_Team the benefit of the doubt on this v2.