Nino_Bilic By relay I mean the Exchange Server mail relay, which is being used by internal applications to send emails to Exchange servers.
FYI - We do not host any mailboxes on the Exchange server, so our users are not connecting directly to the Exchange server from Outlook.
Are we still impacted by this CVE? Does the client really require credentials to connect to the Exchange server? As per my understanding, they connect directly through the relay hostname and port 25 without any credentials.
I have Exchange 2016 CU23 + latest SU, so I can say our version is still protected. However, I am going to enable EP.
I already ran the HC and found the below TLS entries not configured; however, we still have TLS 1.0, 1.1 and 1.2 enabled, and I think we are enforcing TLS 1.2,
so if any legacy client does not support it, will it fall back to a lower version on the Exchange server?
What exactly will this SchUseStrongCrypto key do? It will enforce the use of TLS 1.2 or the latest ciphers and block the connection if any of the clients is not using them.
HKLM\Software\WOW6432Node\Microsoft\.NetFramework\v2.0.50727 - no SchUseStrongCrypto and SystemDefaultTlsVersions entries present.
HKLM\Software\WOW6432Node\Microsoft\.NetFramework\v4.0.30319\ - only the SystemDefaultTlsVersions entry is there, no SchUseStrongCrypto.