*** Update: Answered questions on my own ***
*** Update2: Tested different scenarios ***
Hi.
My Ex2019 CU12 with AUG patch has build:
Version: Exchange 2019 CU12
Build Number: 15.02.1118.010
Question 1: I can't apply the script for EP because the revision is not 11 or 12 but 10
https://github.com/microsoft/CSS-Exchange/blob/main/Security/src/ExchangeExtendedProtectionManagement/DataCollection/Get-ExtendedProtectionConfiguration.ps1 --> Line: 244
Is this an error? All other checks show: ConfigSupported: TRUE
MS re-uploaded the correct EXE so now it's OK
Question 2: We know about the SSL offloading issue, what about SSL bridging?
SSL bridging works OK after I copied the Let's Encrypt cert from the load balancer to Exchange. Got myself a few scripts to automate this. After that I enabled EP, all fine.
EP excludes AutoDiscover virtual directories, so you can have different certs for autodiscover on loadbalancer and exchange:
autodiscover.domain.com and mail.domain.com on exchange and autodiscover.domain.com AND autodiscover.otherdomain.com on loadbalancer.
Tested and working with: OWA, different mobile devices, Outlook 2019/2021 on Windows 10.
Question 3: We have TLS 1.3 on the load balancer and connect to the backend DAG via SSL but use TLS 1.2, will this be an issue?
Short answer: NO! It will work just fine as long as the Exchange and load balancer certs match.
CLIENT HTTPS TLS1.3 --> Loadbalancer --> EXCHANGE HTTPS TLS 1.2 == OK
Thanks!
I hope it helps someone
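
Added example, not part of the original post: one way to verify the "certs match" condition from Questions 2 and 3 before enabling EP is to read the certificate and negotiated TLS version from the load balancer and from an Exchange backend and compare the thumbprints. The function names and the backend host name `exch01.domain.local` are assumptions made for illustration.

```powershell
# Added example. Reads the TLS certificate and negotiated protocol from an endpoint
# so the load balancer and an Exchange backend can be compared side by side.
function Get-TlsEndpointInfo {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,   # address to connect to
        [string] $SniName = $ComputerName,               # host name sent in the handshake
        [int] $Port = 443
    )
    $client = [System.Net.Sockets.TcpClient]::new($ComputerName, $Port)
    try {
        # Validation is skipped on purpose: the certificate is only read and reported,
        # and nothing is sent over the connection.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($SniName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            [pscustomobject]@{
                Endpoint   = $ComputerName
                Protocol   = $ssl.SslProtocol   # version negotiated by this client
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
            }
        } finally { $ssl.Dispose() }
    } finally { $client.Dispose() }
}

# Compares two results from Get-TlsEndpointInfo. The TLS versions may differ;
# the thumbprints must be identical for the certificates to match.
function Test-BridgingCertificateMatch {
    param(
        [Parameter(Mandatory)] $LoadBalancer,
        [Parameter(Mandatory)] $Exchange
    )
    [pscustomobject]@{
        LoadBalancerProtocol = $LoadBalancer.Protocol
        ExchangeProtocol     = $Exchange.Protocol
        ExchangeCertExpires  = $Exchange.NotAfter
        CertificatesMatch    = $LoadBalancer.Thumbprint -eq $Exchange.Thumbprint
    }
}

# Usage (exch01.domain.local is a placeholder for one backend server):
#   $lb = Get-TlsEndpointInfo -ComputerName 'mail.domain.com'
#   $ex = Get-TlsEndpointInfo -ComputerName 'exch01.domain.local' -SniName 'mail.domain.com'
#   Test-BridgingCertificateMatch -LoadBalancer $lb -Exchange $ex
```

Running this on a schedule also catches the case where an automated Let's Encrypt renewal has reached the load balancer but not yet the Exchange servers.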