Microsoft has announced the release of hotfix updates aimed at resolving several issues that have been affecting Exchange servers following the installation of the March 2024 security updates. In addition to fixing these problems, the April 2024 Hotfix Update (HU) introduces support for Elliptic Curve Cryptography (ECC) certificates and Hybrid Modern Authentication (HMA) for Outlook Web App (OWA) and Exchange Control Panel (ECP). The company has made it clear that while the April 2024 HU is optional, it is highly recommended for those who have encountered issues post-March 2024 Security Update (SU) or require the new features.
Addressed Issues and New Features
The April 2024 HU not only incorporates the security enhancements from the March 2024 SU but also remedies specific issues introduced by the latter. Among the rectified problems are a malfunction that prevented download domains from operating correctly, affecting the display of inline images in OWA and hindering attachment downloads. Furthermore, a bug that produced “We can't open this document” errors and obstructed Microsoft Word document previews in OWA has been corrected.
Additional fixes include resolving a search error in the Outlook cached mode, failures in OwaDeepTestProbe and EacBackEndLogonProbe, issues with editing permissions in the ECP, the absence of the unread envelope icon in Outlook, malfunctions in the My Templates add-in, and errors with published calendars stating “This calendar isn't available.” Microsoft is also addressing a problem where printing calendars in OWA may fail without using the CTRL+P keyboard shortcut.
Support and Migration Guidance
The hotfixes are available for Exchange Server 2019 CU13 and CU14, as well as Exchange Server 2016 CU23. Following the end of mainstream support for Exchange Server 2019 announced in January, Microsoft has committed to continuing the release of patches for security issues but will not entertain requests for bug fixes or Design Change Requests (DCR). Exchange Server 2016, having reached its mainstream support end date in October 2020, will remain under extended support until October 2025. In light of these developments, Microsoft is providing detailed migration information and guidance for global administrators considering a transition to Exchange Online on its documentation site.
The hotfixes come as Microsoft faces criticism over its handling of security on Exchange. Earlier this month, The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive following the discovery that Russian espionage operatives, known as Midnight Blizzard or Cozy Bear, infiltrated Microsoft's email system. The breach, which was first reported earlier this year, allowed the hackers to access and exfiltrate sensitive data, including email correspondences between Federal Civilian Executive Branch (FCEB) agencies and Microsoft.
