Blog Post

Exchange Team Blog
3 MIN READ

Released: March 2024 Exchange Server Security Updates

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Mar 12, 2024
Update 4/23/2024: We have now released April 2024 Hotfix Updates which address known issues in March 2024 SU updates. Microsoft has released Security Updates (SUs) for vulnerabilities found in: ...
Updated Apr 23, 2024
Version 8.0
announcements
exchange 2016
exchange 2019
on premises
security
adixro's avatar
adixro
Brass Contributor
Mar 27, 2024

My 2c on this or any other update affecting on premises servers while looking after 50k or so on prem stuff while migrated 20k or so.

 

1.My aim is to apply any security update asap.

2. Then trying to test any update in a test environment, however don't have time/luxury to test all possible scenarios.

3. This time there are many issues and I would suggest to read the whole thread first.

4. I completely agree with all here that there is some quality control lacking on MS side when releasing patches that break on prem premises.

 

So my options are:

- I have to explain to higher-ups that I am OK to patch anytime but there will be couple of major issues (cosmetic or not). Maybe the decision is to wait or not. Functionality vs Security.

- maybe MS comes with some fix really fast

 

EXO seems to be the way we are getting guided towards, but I have encountered way more functional issues than I have ever had to deal with once going to hybrid and started migrating. So sharing some thoughts before the thread gets locked.

Just sharing some items that might help some (based on resolved or pending tickets):

- Outlook Mac fails GAL lookup due to EP ( that was a long back and forth and frustrating process with MS support until MS tweaked their own EP docs)

- MS disregarding MX records pointing to on prem and delivering straight into EXO envir because of "shared customers MS environment/datacenter locations". That was a disappointment and finicky workarounds.

- Send as alias introducing issues (well it might be still a "beta") and OOO and redir leaking addresses as onmicrosoft.com to external recipients instead of actual domain for those types of messages,

- MS Teams free busy glitch in hybrid for on prem user calendar availability (no resolution on this one as I have understood..rather than migrate all)

- terrible daily throttling EOP delivery to EXO via hybrid connector to EXO for specific environment when sudden uptick on message rate.

 

I might have no choice than to patiently wait for a patch to fix the patch.

 

Research before patching if possible.

 

I guess things can break, so lets give MS some slack while they are looking into this issue.