Exchange Server

LATEST

Exchange Cumulative Updates and Distribution List Upgrades

Last Update: May 23, 2022

The quarterly cumulative updates for Exchange Server quietly appeared with little fuss this week. Meanwhile, in cloud land, Office 365 continues the crusade to eradicate distribution lists with new bulk conversions to Office 365 Groups.

View Article
Windows Logo

Microsoft to Ship Some Exchange Server Security Updates in .EXE Packages

Microsoft has announced some major changes to the delivery process for security updates (SUs) and hotfixes (HFs) for Exchange Server. Starting with the May 2022 Security Updates, the company is now releasing some Exchange Server SUs and HFs as self-extracting auto-elevating executables. Previously, Microsoft shipped all security updates as Windows Installer patch (.msp) files to…

View Article
Datacenter networking servers

Hive Ransomware Group Attacks Vulnerable Microsoft Exchange Servers

Security researchers have revealed a new series of ransomware attacks carried out by the Hive ransomware group to target Microsoft Exchange Servers. Hive is a popular ransomware-as-a-service (RaaS) model that was first discovered in June 2021. The Hive ransomware group targets business networks with several methods and mechanisms, including phishing emails with attachments. It has…

View Article

Exchange Online PowerShell Goes RESTful – But Only for Some Cmdlets

Last Update: Apr 12, 2022

At Microsoft Ignite 2019, the Exchange product group announced the public preview of a set of REST-based PowerShell cmdlets to replace some of the most popular (and in performance terms, most painful) traditional cmdlets. The new cmdlets are more reliable and robust and run 2-4 times faster than the older Remote PowerShell-based cmdlets (your mileage will vary). All good stuff.

View Article

Patch Tuesday January 2022 – Wormable Bug in Windows and a Critical Bug in Exchange Server Get Fixes

Microsoft patches a wormable bug in http.sys in Windows and Windows Server. There are also fixes for three remote code execution vulnerabilities in Exchange Server. And Adobe releases fixes for 26 flaws in Acrobat and Reader. So, let’s get started! Windows and Windows Server This month there are fixes for six zero-days in Windows and…

View Article

Microsoft Delivers Emergency Fix For Exchange Y2K22 Bug

Microsoft has released an official fix for the “Y2K22” bug that was previously preventing on-premise Exchange servers from sending emails. This issue started at midnight on January 1st, 2022, and it was causing emails to get stuck in transport queues due to a date check failure in the FIP-FS anti-malware scanning engine. The Microsoft Exchange Y2K22…

View Article

How to Mitigate Microsoft Exchange Autodiscover Protocol Flaw That Leaks User Credentials

In this article, I explain how the recently discovered flaw in the Exchange Server Autodiscover protocol can leak user credentials. And how to mitigate the issue in your environment. Microsoft Exchange Server Autodiscover protocol leaks thousands of user credentials Researchers at security company Guardicore have released details of a security issue in the Autodiscover protocol…

View Article

Patch Microsoft Exchange Servers Now to Stop LockFile Ransomware

The LockFile ransomware group has been actively launching attacks against Microsoft Exchange Servers, exploiting three vulnerabilities that were patched by Microsoft in April and May this year. Known as the Exchange Server ProxyShell vulnerabilities, the LockFile group uses them, in conjunction with the Windows PetitPotam vulnerabilities that were partially patched in the round of updates…

View Article

Understanding Exchange Server Updates and the Process to Patching

For all you IT Pros continuing to support an on-premises Exchange Server infrastructure (in any configuration), Microsoft has a vital message for you: It is extremely important to keep Exchange up to date. Due to the number of customers that were unprepared to install last month’s (Mar ’21) Emergency security patches, many had to scramble…

View Article

Microsoft Releases ‘One-Click’ HAFNIUM Mitigation Tool

Microsoft has a new tool that will make installing a temporary patch much easier to block known HANFIUM attacks.

View Article
Go to page