Microsoft has paused distribution of the Exchange Server security update that addresses CVE-2024-49040, a spoofing vulnerability, after customers reported that the update caused configured transport rules to stop working and disrupted mail delivery. The vulnerability allows an attacker to spoof the sender of messages passing through affected Exchange servers.
The flaw stems from the current implementation of P2 FROM header verification during transport. The P2 FROM header is the sender header inside the message itself, the one the recipient's email client displays, as distinct from the P1 envelope sender that the transport layer uses for delivery. According to Microsoft, "The current implementation permits some non-RFC 5322 compliant P2 FROM headers to pass through, which may allow an email client, such as Microsoft Outlook, to present a spoofed sender as an authentic one."
Microsoft's update, however, does not fix the vulnerability itself. Instead, it detects messages that could exploit the flaw and displays a warning to users. Microsoft has since updated its advisory to note that customers reported functional problems after installing the update: in particular, transport rules they had configured stopped working in some cases.
This particularly affects organizations that run custom transport or DLP rules. Affected customers may need to uninstall the security update and wait for a re-released one.
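The article does not say which malformed header shapes Microsoft's transport check catches, and the following is an added example, not Microsoft's code and not part of the original article. It illustrates the general idea with constructed headers: a strict RFC 5322 parse of the P2 From header (one mailbox, dot-atom address, display name as atoms or a single quoted string) beside the lenient "first thing that looks like an address" reading a permissive client might fall back on, plus a transport-stage check that either flags the message (prepends a warning banner and adds a header) or rejects it. The header name X-Example-P2From-Check, the banner text and the sample messages are assumptions made for this example.

```python
import re
from email.parser import Parser

# RFC 5322 atext and dot-atom (section 3.2.3). Only plain dot-atom forms are
# accepted here; quoted-string local parts and obsolete syntax are deliberately not.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
DOT_ATOM = rf"{ATEXT}(?:\.{ATEXT})*"
ADDR_SPEC = re.compile(rf"^{DOT_ATOM}@{DOT_ATOM}\.{ATEXT}$")
# name-addr (section 3.4): optional display name, either a run of atoms or one
# quoted-string, followed by exactly one angle-addr.
NAME_ADDR = re.compile(
    rf'^(?:(?P<name>{ATEXT}(?:\s+{ATEXT})*|"[^"\\\r\n]*")\s*)?<(?P<addr>[^<>]*)>$'
)

# Hypothetical banner text and header name chosen for this example.
WARNING_BANNER = (
    "Notice: the sender of this message could not be verified. "
    "Do not trust its contents, links or attachments without confirming the source."
)
FLAG_HEADER = "X-Example-P2From-Check"


def parse_strict_from(value):
    """Return (display_name, addr_spec) if `value` is a single well-formed
    RFC 5322 mailbox, otherwise None."""
    v = value.strip()
    if ADDR_SPEC.match(v):
        return "", v
    m = NAME_ADDR.match(v)
    if m and ADDR_SPEC.match(m.group("addr")):
        return (m.group("name") or "").strip('"'), m.group("addr")
    return None


def lenient_sender(value):
    """Emulates a permissive reader that shows the first address-looking token
    anywhere in the header; this is the behaviour a malformed header exploits."""
    m = re.search(r"[\w.+-]+@[\w.-]+", value)
    return m.group(0) if m else ""


def transport_check(raw_message, action="flag"):
    """Inspect the P2 From header during transport.

    action="flag" mirrors a detect-and-warn approach: a malformed header is
    marked and a banner is prepended, but the message is still delivered.
    action="reject" drops the message instead.
    """
    msg = Parser().parsestr(raw_message)
    from_value = msg.get("From", "")
    parsed = parse_strict_from(from_value)
    shown = lenient_sender(from_value)
    if parsed is not None:
        return {"action": "deliver", "sender": parsed[1], "shown_as": shown,
                "message": msg.as_string()}
    if action == "reject":
        return {"action": "reject", "sender": None, "shown_as": shown, "message": None}
    msg[FLAG_HEADER] = "flagged"
    msg.set_payload(WARNING_BANNER + "\n\n" + msg.get_payload())
    return {"action": "flag", "sender": None, "shown_as": shown, "message": msg.as_string()}


def sample_message(from_value):
    """Constructed sample message used only for this demonstration."""
    return f"From: {from_value}\nTo: bob@example.com\nSubject: test\n\nHello Bob\n"


if __name__ == "__main__":
    for hdr in [
        "Alice Example <alice@example.com>",
        '"alice@example.com" <mallory@attacker.example>',  # compliant; display-name trick, out of scope
        "ceo@example.com <mallory@attacker.example>",      # '@' is not allowed in an unquoted phrase
        "Alice <alice@example.com",                        # unterminated angle-addr
    ]:
        r = transport_check(sample_message(hdr))
        print(f"{r['action']:8} shown_as={r['shown_as']!r} sender={r['sender']!r}  <- {hdr}")
```

The second sample header is worth noting: it is RFC 5322 compliant, so a compliance check passes it even though a client that shows only the display name would present alice@example.com. That is ordinary display-name spoofing and is a separate problem from the malformed-header case the strict parse rejects.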