Forum Discussion
Salamat_Shah
Nov 14, 2024
Iron Contributor
CVE-2024-49040: Mitigating a Critical Microsoft Exchange Server Vulnerability
CVE-2024-49040 is a spoofing vulnerability identified in Microsoft Exchange Server versions 2016 and 2019. This flaw allows attackers to forge legitimate sender addresses on incoming emails, potentially making malicious messages appear trustworthy. The vulnerability arises from improper verification of the P2 FROM header during email transport, permitting non-RFC 5322 compliant headers to pass through and be displayed as legitimate by email clients like Microsoft Outlook.
Recommended Mitigation Steps
To protect your organization from this vulnerability, consider the following steps:
- Apply Security Patches:
- Enhance Email Security:
- Educate Users:
- Implement Strong Password Policies:
- Monitor Network Traffic:
By taking these steps, organizations can significantly reduce the risk of exploitation and protect their sensitive data. It is essential to stay informed about the latest security threats and to adopt a proactive approach to cybersecurity.
These patches are available in WSUS. If the concerned team has not yet synchronized, please proceed with the synchronization and apply the latest patches. Alternatively, you can find these patches on the official
Note: These patches are applicable for the following Exchange versions:
- Microsoft Exchange Server 2016 Cumulative Update 23
- Microsoft Exchange Server 2019 Cumulative Update 14
- Microsoft Exchange Server 2019 Cumulative Update 13
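The post describes the root cause as a P2 FROM header that is not RFC 5322 compliant yet still reaches the client and is rendered as a trustworthy sender. A transport-side or log-side sanity check can flag such headers before a user ever sees them. The following is an added illustration written for this thread; it is not Microsoft's patch code and does not reproduce Exchange's internal validation. It applies a deliberately strict subset of the RFC 5322 mailbox grammar (no domain literals, no quoted local parts, no comments, no obsolete syntax beyond dots in display names) and requires exactly one mailbox, so malformed constructs such as a second address hidden in the display name or a space inside the domain (the "intra-domain<space>dept" pattern reported later in this thread) are rejected. All sample header values below are constructed for the example.

```python
import re
from email.utils import getaddresses

# Strict RFC 5322 subset for a single mailbox (assumption: no domain literals,
# no quoted local parts, no CFWS comments). Anything outside this grammar is
# treated as suspicious rather than silently repaired.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = rf"{ATEXT}+(?:\.{ATEXT}+)*"
ADDR_SPEC = rf"{DOT_ATOM}@{DOT_ATOM}"
QUOTED_STRING = r'"(?:[^"\\\r\n]|\\.)*"'
# Display-name words: atext plus '.' so that "J. Doe" (obs-phrase) is not a false positive.
NAME_WORD = rf"(?:[A-Za-z0-9!#$%&'*+/=?^_`{{|}}~.-]+|{QUOTED_STRING})"
DISPLAY_NAME = rf"{NAME_WORD}(?:[ \t]+{NAME_WORD})*"
NAME_ADDR = rf"(?:{DISPLAY_NAME}[ \t]*)?<{ADDR_SPEC}>"
STRICT_FROM = re.compile(rf"^[ \t]*(?:{NAME_ADDR}|{ADDR_SPEC})[ \t]*$")


def check_p2_from(header_value: str) -> dict:
    """Return a verdict for one raw 'From:' (P2) header value.

    Two independent checks: the standard library must see exactly one mailbox,
    and the whole header must match the strict grammar above. Either failure
    marks the header non-compliant; the reason is informational only.
    """
    mailboxes = [addr for _name, addr in getaddresses([header_value]) if addr]
    if len(mailboxes) != 1:
        return {"compliant": False,
                "reason": f"expected exactly one mailbox, found {len(mailboxes)}"}
    if not STRICT_FROM.match(header_value):
        return {"compliant": False,
                "reason": "header does not match strict RFC 5322 mailbox grammar"}
    return {"compliant": True, "address": mailboxes[0].lower()}


def audit_from_headers(headers: list[tuple[str, str]]) -> list[str]:
    """Return the labels of every header in the list that fails the check."""
    return [label for label, value in headers if not check_p2_from(value)["compliant"]]


# Constructed sample From: header values (not real traffic).
SAMPLE_FROM_HEADERS = [
    ("quoted-name", '"Finance Dept" <finance@corp.example>'),
    ("bare-address", "finance@corp.example"),
    ("plain-name", "Finance Dept <finance@corp.example>"),
    ("address-as-display-name", "finance@corp.example <attacker@mail.example>"),
    ("space-in-domain", '"Finance" <finance@corp example>'),
    ("two-mailboxes", "a@x.example, b@y.example"),
]

if __name__ == "__main__":
    for label, value in SAMPLE_FROM_HEADERS:
        print(f"{label:25s} {check_p2_from(value)}")
    print("flagged:", audit_from_headers(SAMPLE_FROM_HEADERS))
```

The check is intentionally conservative: a header that fails it is not proof of spoofing, but it is exactly the class of input the post says the unpatched server let through unverified, so it is a reasonable candidate for quarantine or for an alert in transport logs until the cumulative update is applied.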
- ExMSW4319 (Steel Contributor)
Can this be used in a hybrid environment to relay attacks through EXO?
I am seeing squiffy sender domains (e.g. intra-domain<space>dept) from outbound.protection.outlook.com servers.
- Salamat_Shah (Iron Contributor)
Yes, it can be in a hybrid environment, especially if some mailboxes are on-premises while others are in Exchange Online. Alternatively, mailboxes can be entirely on-premises but configured in either a full or classic hybrid model.