The revelation that Exchange Server has had a vulnerability in the Exchange Control Panel since Exchange 2010 shocked some. Microsoft has patched CVE-2020-0688, but the problem gives on-premises administrators something to think about as they look to the long-term future of their email service. Staying on-premises is an option, but going to the cloud might be more secure.
A Microsoft employee commented that Exchange 2019 is the last on-premises version, something that would bring the era of Exchange to a close after 25 or so years. Perhaps that's the case, and certainly there's been a huge transition of email workload to Exchange Online. But is an opinion expressed by a single Microsoft employee enough to tell us what will happen over the next few years?
Exchange 2019 has been around for six months. It's a good time to consider if on-premises organizations should upgrade or stick with the version of Exchange they run today. Exchange 2019 is a solid release, even if Microsoft's engineering efforts are largely focused on the cloud these days. Of course, moving to Exchange Online is an option too, but perhaps not for the dedicated on-premises deployments.
The recently exposed privilege elevation vulnerability that exists in the control Exchange has over Active Directory and EWS push notifications is fixed by cumulative updates for Exchange 2013, Exchange 2016, and Exchange 2019 and a roll-up update for Exchange 2010 SP3. These changes mark an architectural modification for Exchange, something that Microsoft is loath to make outside major releases. Install the updates now!
No fix is available yet for the Exchange vulnerability reported by Dirk-jan Mollema and described in CVE-2018-8581. Apart from deploying a split permissions model, no out-of-the-box mitigation exists today. Microsoft is working actively to fix the problem and in the meantime, the brains of the Exchange community are hard at work to come up with possible solutions.
A newly-discovered vulnerability in Exchange potentially allows attackers to gain control over Active Directory. Since Exchange 2000, Exchange has been a highly-privileged server that's tightly connected to Active Directory. Add in some NTLM weakness, Exchange Web Services push notifications, and everything comes together for the bad guys.
Exchange 2010 will become unsupported on January 14, 2020. It's time to decide whether to move to Office 365 or Exchange 2016/2019. Exchange 2010 was a really big and important release in the 23-year history of the product, so it's sad to see it heading to the software scrapyard.
Meeting the commitment given at Ignite 2018, Microsoft has published the preferred architecture for Exchange 2019. As you'd expect, the architecture is highly influenced by the cloud. The fingerprints of Exchange Online are all over the document, but at least it's nice to see some technology (the MetaCache) being transferred from the cloud to on-premises customers.
Microsoft has shipped Exchange 2019, the latest in a long line of enterprise-class email servers stretching back to 1996. The latest version runs on Windows Server 2019 and Microsoft recommends that you use Server Core. There are fewer people using on-premises servers today, but those who do can install the best email server in the business.
Microsoft released lots of information about Exchange 2019 at the Ignite conference. Administrators will love some of the new features, but end users will find little to amuse them. But then again, the Exchange on-premises story is all about being a bulletproof enterprise-class email server. And that's just what Exchange 2019 delivers.
Microsoft has just launched the preview version of Exchange 2019. The good news is that it's a new version. What might be unexpected is the lack of new features. Some worthy plumbing won't turn user heads, but then again, when you're the best standalone email server on the planet, do you need to change very much? Dropping Unified Messaging will cause some brows to darken. Expect some sparks at Ignite.