From c96e1ac0b3e67c953e9fd537083ae5eef6b28a92 Mon Sep 17 00:00:00 2001
From: David Paulson
Date: Mon, 25 Nov 2024 11:11:34 -0600
Subject: [PATCH 1/4] NovSUv2 Build Numbers
---
 Shared/Get-ExchangeBuildVersionInformation.ps1 | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/Shared/Get-ExchangeBuildVersionInformation.ps1 b/Shared/Get-ExchangeBuildVersionInformation.ps1
index 68f544cb0..feb26008f 100644
--- a/Shared/Get-ExchangeBuildVersionInformation.ps1
+++ b/Shared/Get-ExchangeBuildVersionInformation.ps1
@@ -127,14 +127,14 @@ function Get-ExchangeBuildVersionInformation {
 $cuReleaseDate = "02/13/2024"
 $supportedBuildNumber = $true
 }
- (GetBuildVersion $ex19 "CU14" -SU "Nov24SU") { $latestSUBuild = $true }
+ (GetBuildVersion $ex19 "CU14" -SU "Nov24SUv2") { $latestSUBuild = $true }
 { $_ -lt (GetBuildVersion $ex19 "CU14") } {
 $cuLevel = "CU13"
 $cuReleaseDate = "05/03/2023"
 $supportedBuildNumber = $true
 $orgValue = 16761
 }
- (GetBuildVersion $ex19 "CU13" -SU "Nov24SU") { $latestSUBuild = $true }
+ (GetBuildVersion $ex19 "CU13" -SU "Nov24SUv2") { $latestSUBuild = $true }
 { $_ -lt (GetBuildVersion $ex19 "CU13") } {
 $cuLevel = "CU12"
 $cuReleaseDate = "04/20/2022"
@@ -226,7 +226,7 @@ function Get-ExchangeBuildVersionInformation {
 $cuReleaseDate = "04/20/2022"
 $supportedBuildNumber = $true
 }
- (GetBuildVersion $ex16 "CU23" -SU "Nov24SU") { $latestSUBuild = $true }
+ (GetBuildVersion $ex16 "CU23" -SU "Nov24SUv2") { $latestSUBuild = $true }
 { $_ -lt (GetBuildVersion $ex16 "CU23") } {
 $cuLevel = "CU22"
 $cuReleaseDate = "09/28/2021"
@@ -713,6 +713,7 @@ function GetExchangeBuildDictionary {
 "Mar24SU" = "15.1.2507.37"
 "Apr24HU" = "15.1.2507.39"
 "Nov24SU" = "15.1.2507.43"
+ "Nov24SUv2" = "15.1.2507.44"
 })
 }
 "Exchange2019" = @{
@@ -813,11 +814,13 @@ function GetExchangeBuildDictionary {
 "Mar24SU" = "15.2.1258.32"
 "Apr24HU" = "15.2.1258.34"
 "Nov24SU" = "15.2.1258.38"
+ "Nov24SUv2" = "15.2.1258.39"
 })
 "CU14" = (NewCUAndSUObject "15.2.1544.4" @{
- "Mar24SU" = "15.2.1544.9"
- "Apr24HU" = "15.2.1544.11"
- "Nov24SU" = "15.2.1544.13"
+ "Mar24SU" = "15.2.1544.9"
+ "Apr24HU" = "15.2.1544.11"
+ "Nov24SU" = "15.2.1544.13"
+ "Nov24SUv2" = "15.2.1544.14"
 })
 }
 }
From c8344088914957340b741d02fbb193a83cd2704e Mon Sep 17 00:00:00 2001
From: David Paulson
Date: Mon, 25 Nov 2024 11:35:23 -0600
Subject: [PATCH 2/4] Update pester testing for Nov24SUv2 The previous version was pulled, so we are going to mark it as not secure
---
 Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1 b/Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1
index 0500a91cb..2cf2d696c 100644
--- a/Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1
+++ b/Shared/Tests/Get-ExchangeBuildVersionInformation.Tests.ps1
@@ -194,7 +194,7 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
 $latestSU.FriendlyName.Substring(0, $latestSU.FriendlyName.Length - 2) | Should -Be $secondSU.FriendlyName
 }
 # This test could change depending on the reason for the v2 release.
- $secondSU.LatestSU | Should -Be $true
+ $secondSU.LatestSU | Should -Be $false #This would need to be true on the next SU release.
 }
 }
 }
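Review bot: The flipped assertion `$secondSU.LatestSU | Should -Be $false` encodes a release-specific decision, but the comment above it still only says the test "could change depending on the reason for the v2 release" and does not record what the reason was this time. I would state it next to the assertion, e.g. `# Nov24SU was pulled and superseded by Nov24SUv2, so the earlier build must not report LatestSU.`, so the next SU author knows when to restore `$true`. The same change applies to the hunks at -231 and -281 (the latter on `$previousSU.LatestSU`). The enclosing test blocks start outside the hunk.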
@@ -231,7 +231,7 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
 $latestSupportedSU.FriendlyName.Substring(0, $latestSupportedSU.FriendlyName.Length - 2) | Should -Be $secondSU.FriendlyName
 }
 # This test could change depending on the reason for the v2 release.
- $secondSU.LatestSU | Should -Be $true
+ $secondSU.LatestSU | Should -Be $false #This would need to be true on the next SU release.
 }
 $latestUnsupportedSUs = (GetExchangeBuildDictionary)["Exchange2019"][$unSupportedCU.CU].SU.Values |
@@ -281,7 +281,7 @@ Describe "Testing Get-ExchangeBuildVersionInformation.ps1" {
 $latestSU.FriendlyName.Substring(0, $latestSU.FriendlyName.Length - 2) | Should -Be $previousSU.FriendlyName
 }
 # This test could change depending on the reason for the v2 release.
- $previousSU.LatestSU | Should -Be $true
+ $previousSU.LatestSU | Should -Be $false #This would need to be true on the next SU release.
 }
 (Get-ExchangeBuildVersionInformation -FileVersion $latest2CUs[1]).Supported | Should -Be $false
From fefb56e48e4bd3c14b52789b8d6f5fd58c290ba3 Mon Sep 17 00:00:00 2001
From: David Paulson
Date: Mon, 25 Nov 2024 11:37:06 -0600
Subject: [PATCH 3/4] Update fix build number for known issue SU
---
 .../Analyzer/Invoke-AnalyzerKnownBuildIssues.ps1 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerKnownBuildIssues.ps1 b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerKnownBuildIssues.ps1
index 374f0ced6..f970b4846 100644
--- a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerKnownBuildIssues.ps1
+++ b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerKnownBuildIssues.ps1
@@ -254,9 +254,9 @@ function Invoke-AnalyzerKnownBuildIssues {
 }
 $params = @{
 CurrentVersion = $currentVersion
- KnownBuildIssuesToFixes = @((GetKnownIssueBuildInformation "15.2.1544.13" $null),
- (GetKnownIssueBuildInformation "15.2.1258.38" $null),
- (GetKnownIssueBuildInformation "15.1.2507.43" $null))
+ KnownBuildIssuesToFixes = @((GetKnownIssueBuildInformation "15.2.1544.13" "15.2.1544.14"),
+ (GetKnownIssueBuildInformation "15.2.1258.38" "15.2.1258.39"),
+ (GetKnownIssueBuildInformation "15.1.2507.43" "15.1.2507.44"))
 InformationUrl = (GetKnownIssueInformation @infoParams)
 }
 TestForKnownBuildIssues @params
From 90bd90cc1193c1ac27beca646d633e9c6ff1e312 Mon Sep 17 00:00:00 2001
From: David Paulson
Date: Tue, 26 Nov 2024 10:36:29 -0600
Subject: [PATCH 4/4] Include new override for Cve-2024-49040
---
 .../Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1
index 56d45e206..28634bb27 100644
--- a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1
+++ b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1
@@ -21,7 +21,7 @@ function Invoke-AnalyzerSecurityCve-2024-49040 {
 $exchangeBuild = $exchangeInformation.BuildInformation.VersionInformation.BuildVersion
 # cSpell:disable
 # Need to disable cSpell because this is the name of the override
- $filterParameterName = "AddDisclaimerforRegexMatch"
+ $filterParameterName = @("AddDisclaimerforRegexMatch", "AddP2FromRegexMatchHeader")
 # cSpell:enable
 }
 process {
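Review bot: The three build pairs passed to `GetKnownIssueBuildInformation` are unlabeled literals that repeat the `Nov24SU` and `Nov24SUv2` values added to `GetExchangeBuildDictionary` in patch 1, so a typo in either copy would silently change which builds are reported as affected or fixed. A comment above `KnownBuildIssuesToFixes`, such as `# Nov24SU build (pulled) -> fixed by the matching Nov24SUv2 build`, would let a reader check each pair against the dictionary. Resolving the versions from the dictionary instead of retyping them would remove the duplication, if that helper is reachable from this analyzer, which is not visible here. The `$params` block sits in a function body that starts and ends outside the hunk.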
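Review bot: `$filterParameterName` changes from a single string to a two-element array, but the code that consumes it is outside this hunk, so it is not visible whether the override lookup accepts a list for its parameter-name filter. If that filter is typed or compared as one string, the lookup would presumably error or match nothing, `$nonCompliantSenderSettings` would be empty, and a disabled protection would go unreported. Please confirm the callee's parameter type, and consider the plural name at the declaration and its uses, e.g. `$filterParameterNames = @("AddDisclaimerforRegexMatch", "AddP2FromRegexMatchHeader")`. The comment above could also say that both names are overrides of the same detection feature.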
@@ -37,8 +37,8 @@ function Invoke-AnalyzerSecurityCve-2024-49040 {
 [array]$nonCompliantSenderSettings = Get-FilteredSettingOverrideInformation @params
 $overrideDisabled = $nonCompliantSenderSettings.Count -gt 0 -and
- ($null -ne ($nonCompliantSenderSettings | Where-Object { $_.ParameterValue -eq "false" }))
- $isSuApplied = (Test-ExchangeBuildGreaterOrEqualThanSecurityPatch -CurrentExchangeBuild $SecurityObject.BuildInformation -SUName "Nov24SU")
+ (($nonCompliantSenderSettings | Where-Object { $_.ParameterValue -eq "false" }).Count -eq 2)
+ $isSuApplied = (Test-ExchangeBuildGreaterOrEqualThanSecurityPatch -CurrentExchangeBuild $SecurityObject.BuildInformation -SUName "Nov24SUv2")
 if (-not $isSuApplied -or $overrideDisabled) {
 $params = @{
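Review bot: The new condition `(... | Where-Object { $_.ParameterValue -eq "false" }).Count -eq 2` counts matching entries instead of checking each override by name, so it can misreport the CVE-2024-49040 state. If the same parameter can appear in more than one override entry, two entries for one name would satisfy it while the other override is still active, and a third matching entry would make it false even though both are disabled. Comparing the distinct parameter names of the `"false"` entries against `$filterParameterName` would express the intent; the property carrying the name is not visible in this hunk. A comment such as `# Detection counts as disabled only when both overrides are set to "false"` would also record why a single disabled override is no longer flagged. The `if` block continues past the end of the hunk.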