[Issue] - Health Checker - CVE-2023-36434 Vulnerability message on server 2025 #2255
Comments
|
Windows Server 2025 is not a supported operating system (OS) for running Exchange Server. Therefore, we do not have any logic in place to check for the OS version concerning this CVE. For more details, please refer to https://learn.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#supported-operating-systems. Additionally, OS in-place upgrades are not supported. |
lusassl-msft
added
By Design / No issue
|
We do need to check into this for Exchange 2019 CU15 where this is supported and make sure there isn't an issue there. |
|
@StiflersM0M thanks for reporting this. However, as of right now, Exchange 2019 is not supported with Windows Server 2025 until CU15. That being said, we do need to adjust the code to account for Windows Server 2025+ on this check. |
|
This issue has been addressed internally and will be resolved when Exchange CU15 is released and is actually supported with Windows Server 2025. This issue will be closed at that time. |
Provide Version Number
Newest available on 12.12.2024
Version: Exchange 2019 CU14 Nov24SUv2
Build Number: 15.02.1544.014
Describe the issue
Health Checker shows that the Server is vulnerable for CVE-2023-36434. But CVE states that Server 2025 isnt affected by the vulnerablility (therefore there is also no Fix/Update available).
Expected behavior
Seems like a false positive on Server 2025, so Health Checker shouldnt show this as a detected vulnerablility.
Additional context
Server was upgraded (inplace upgrade) from 2022 to 2025. At the time of the update, KB5031364 (Fixing update) was allready installed on server 2022.
The text was updated successfully, but these errors were encountered: