Microsoft has released Security Updates (SUs) for vulnerabilities found in:
Exchange Server 2019
Exchange Server 2016
SUs are available for the following specific versions of Exchange Serve...
Updated Oct 12, 2023
Version 8.0
Blog Post
After install this SU,
Need follow step?
https://support.microsoft.com/en-gb/topic/enable-support-for-aes256-cbc-encrypted-content-in-exchange-server-august-2023-su-add63652-ee17-4428-8928-ddc45339f99e
----------------------------------------------------------------
1. access right
$acl = Get-Acl -Path "HKLM:\SOFTWARE\Microsoft\MSIPC\Server"
$rule = New-Object System.Security.AccessControl.RegistryAccessRule((New-Object System.Security.Principal.SecurityIdentifier("S-1-5-20")), 983103, 3, 0, 0)
$acl.SetAccessRule($rule)
Set-Acl -Path "HKLM:\SOFTWARE\Microsoft\MSIPC\Server" -AclObject $acl
2. re-execute GenConnectorCOnfig.ps1 if using AzRMS
3. Setting override
New-SettingOverride –Name "EnableMSIPC" -Component Encryption –Section UseMSIPC –Parameters @("Enabled=true") -Reason "Enabling MSIPC stack"
New-SettingOverride -Name "EnableEncryptionAlgorithmCBC" -Parameters ("Enabled=True") -Component Encryption -Reason "Enable CBC encryption" -Section EnableEncryptionAlgorithmCBC
4, Refresh VariantConfiguration
Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
5. Restart service
Restart-Service -Name W3SVC,WAS -Force