The revelations that Exchange Server has had a vulnerability in the Exchange Control Panel since Exchange 2010 shocked some. Microsoft has patched CVE-2020-0688, but the problem gives on-premises administrators something to think about as they look to the long-term future of their email service. Staying on-premises is an option, but going to the cloud might be more secure.
In a surprising but welcome announcement, Microsoft moved the end of extended support for Exchange 2010 to October 2020. This version of Exchange was the most technology-rich and significant in the product's history, which might be the reason why so many organizations still depend on Exchange 2010 for email. Better options exist, and Exchange Online is the natural place to go... if your network and applications allow the move.
The recent exposure of a privilege elevation vulnerability that exists in the control Exchange has over Active Directory and EWS push notifications is fixed by cumulative updates for Exchange 2013, Exchange 2016, and Exchange 2019 and a roll-up update for Exchange 2010 SP3. These changes mark an architectural modification for Exchange, something that Microsoft is loathe to do outside major releases. Install the updates now!
No fix is available yet for the Exchange vulnerability reported by Dirk-jan Mollema and described in CVE-2018-8581. Apart from deploying a split permissions model, no out-of-the-box mitigation exists today. Microsoft is working actively to fix the problem and in the meantime, the brains of the Exchange community are hard at work to come up with possible solutions.
A newly-discovered vulnerability in Exchange potentially allows attackers to gain control over Active Directory. Since Exchange 2000, Exchange has been a highly-privileged server that's tightly connected to Active Directory. Add in some NTLM weakness, Exchange Web Services push notifications, and everything comes together for the bad guys.
Exchange 2010 will become unsupported on January 14, 2020. It's time to decide whether to move to Office 365 or Exchange 2016/2019. Exchange 2010 was a really big and important release in the 23-year history of the product, so it's sad to see it heading to the software scrapyard.
Microsoft has new tools to migrate public folders (the "cockroaches of Exchange") to Office 365 Groups. Sounds good. The good news is that the tools work, even if they need a lot of manual oversight. ISVs offer tools to do the same job with more automation. The choice is yours!
Surprisingly, Microsoft has never included a central method to manage user autosignatures within the cloud or on-premises versions of Exchange. Which means that you must let users manage their signatures, build your own tools, or deploy a commercial solution.
Learn how to perform a Exchange 2010 cross-forest migration using the Active Directory Migration Tool (ADMT) and the Password Export Server.
In this second installment of our article series on Exchange 2010 cross-forest migration we perform a GAL Sync and Enable MRS Proxy.
Configure a test lab for a Microsoft Exchange 2010 cross forest migration in this four-part article series by Exchange expert Krishna Kumar.
Wait no longer: Exchange 2010 SP3 is available! Download the update, discover its new features, and learn how to install the latest version of Exchange 2010.
Microsoft PST Capture Tool can be a life saver! Learn to install the PST Capture Console and search for PST files on Exchange 2010 with this helpful guide.
You know you should make a test environment, right? Learn to create test data for Exchange 2010 using PowerShell in part one of this two-part series.
Learn how to configure the Out of Office (OOF) message for any user with the Exchange Management Shell.