Update 10/10/2023: Our recommendation to address CVE-2023-21709 is now changed; please see the changes below.
Update 9/12/2023: As a part of the September 2023 "Patch Tuesday" we have released a fe...
Updated Oct 10, 2023
Version 18.0
Blog Post
Questions regarding AES256-CBC.
1) This article explains how to enable AES256-CBC but how would you reverse these changes if there was an issue ? https://support.microsoft.com/en-us/topic/enable-support-for-aes256-cbc-encrypted-content-in-exchange-server-august-2023-su-add63652-ee17-4428-8928-ddc45339f99e
2) Since "Exchange Server doesn't support decrypting content that uses AES256-CBC", what are some scenarios where Exchange Server may receive this content ? Is the source strictly from Microsoft Purview Information Protection in a hybrid environment or can it come from elsewhere? We're trying to understand our exposure to on-prem Exchange servers since this change has been made to Microsoft Purview Information Protection as of August 2023.