Add CVE-2024-49040 check

microsoft · Nov 12, 2024 · 9f116af · 9f116af
1 parent 0db1bdc
commit 9f116af
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 3 deletions.
diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1
@@ -0,0 +1,55 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+. $PSScriptRoot\..\Add-AnalyzedResultInformation.ps1
+function Invoke-AnalyzerSecurityCve-2024-49040 {
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [ref]$AnalyzeResults,
+
+        [Parameter(Mandatory = $true)]
+        [object]$SecurityObject,
+
+        [Parameter(Mandatory = $true)]
+        [object]$DisplayGroupingKey
+    )
+    begin {
+        Write-Verbose "Calling: $($MyInvocation.MyCommand)"
+        $exchangeInformation = $SecurityObject.ExchangeInformation
+        $organizationInformation = $SecurityObject.OrgInformation
+        $exchangeBuild = $exchangeInformation.BuildInformation.VersionInformation.BuildVersion
+        # cSpell:disable
+        # Need to disable cSpell because this is the name of the override
+        $filterParameterName = "AddDisclaimerforRegexMatch"
+        # cSpell:enable
+    }
+    process {
+        $params = @{
+            ExchangeSettingOverride = $exchangeInformation.SettingOverrides
+            GetSettingOverride      = $organizationInformation.GetSettingOverride
+            FilterServer            = $exchangeInformation.GetExchangeServer.Name
+            FilterServerVersion     = $exchangeBuild
+            FilterComponentName     = "Transport"
+            FilterSectionName       = "NonCompliantSenderSettings"
+            FilterParameterName     = $filterParameterName
+        }
+        [array]$nonCompliantSenderSettings = Get-FilteredSettingOverrideInformation @params
+
+        $overrideDisabled = $nonCompliantSenderSettings.Count -gt 0 -and
+            ($null -ne ($nonCompliantSenderSettings | Where-Object { $_.ParameterValue -eq "false" }))
+        $isSuApplied = (Test-ExchangeBuildGreaterOrEqualThanSecurityPatch -CurrentExchangeBuild $SecurityObject.BuildInformation -SUName "Nov24SU")
+
+        if (-not $isSuApplied -or $overrideDisabled) {
+            $params = @{
+                AnalyzedInformation = $AnalyzeResults
+                DisplayGroupingKey  = $DisplayGroupingKey
+                Name                = "Security Vulnerability"
+                Details             = ("{0} - Override Is Set: $overrideDisabled`r`n`t`tSee: https://portal.msrc.microsoft.com/security-guidance/advisory/{0} for more information." -f "CVE-2024-49040")
+                DisplayWriteType    = "Red"
+                DisplayTestingValue = "CVE-2024-49040"
+            }
+            Add-AnalyzedResultInformation @params
+        }
+    }
+}
diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCveCheck.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCveCheck.ps1
@@ -9,6 +9,7 @@
 . $PSScriptRoot\Invoke-AnalyzerSecurityCve-2022-21978.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityCve-2023-36434.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityCveAddressedBySerializedDataSigning.ps1
+. $PSScriptRoot\Invoke-AnalyzerSecurityCve-2024-49040.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityCve-MarchSuSpecial.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityExtendedProtectionConfigState.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityIISModules.ps1
@@ -211,6 +212,7 @@ function Invoke-AnalyzerSecurityCveCheck {
     Invoke-AnalyzerSecurityCveAddressedBySerializedDataSigning -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
     Invoke-AnalyzerSecurityCve-MarchSuSpecial -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
     Invoke-AnalyzerSecurityADV24199947 -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
+    Invoke-AnalyzerSecurityCve-2024-49040 -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
     # Make sure that these stay as the last one to keep the output more readable
     Invoke-AnalyzerSecurityExtendedProtectionConfigState -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
 }
diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1
@@ -144,11 +144,11 @@ Describe "Testing Health Checker by Mock Data Imports - Exchange 2016" {
             $cveTests.Contains("CVE-2020-1147") | Should -Be $true
             $cveTests.Contains("CVE-2023-36039") | Should -Be $true
             $cveTests.Contains("ADV24199947") | Should -Be $true
-            $cveTests.Count | Should -Be 51
+            $cveTests.Count | Should -Be 52
             $downloadDomains = GetObject "CVE-2021-1730"
             $downloadDomains.DownloadDomainsEnabled | Should -Be "false"
 
-            $Script:ActiveGrouping.Count | Should -Be 58
+            $Script:ActiveGrouping.Count | Should -Be 59
         }
     }
 

diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
@@ -157,7 +157,7 @@ Describe "Testing Health Checker by Mock Data Imports" {
             $cveTests.Contains("CVE-2023-36434") | Should -Be $true
             $cveTests.Contains("CVE-2023-36039") | Should -Be $true
             $cveTests.Contains("ADV24199947") | Should -Be $true
-            $cveTests.Count | Should -Be 51
+            $cveTests.Count | Should -Be 52
             $downloadDomains = GetObject "CVE-2021-1730"
             $downloadDomains.DownloadDomainsEnabled | Should -Be "False"
             TestObjectMatch "Extended Protection Vulnerable" "True" -WriteType "Red"