Exchange 2013

Exchange Cumulative Updates and Distribution List Upgrades

The quarterly cumulative updates for Exchange Server quietly appeared with little fuss this week. Meanwhile, in cloud land, Office 365 continues the crusade to eradicate distribution lists with new bulk conversions to Office 365 Groups.

Last Update: May 23, 2022

LATEST

Exchange and the Turla LightNeuron Attack

Turla, a Russian cyber-espionage group is reported as being behind an attack on Exchange on-premises servers that uses transport agents to capture and process messages for selected users. It’s an attack vector that hasn’t been seen before and raises the question of how often administrators should review transport agents active on their servers. The important point is that unless your network is compromised, hackers cannot install transport agents on Exchange servers and this attack is more theoretical than practical.

View Article

Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches

The recent exposure of a privilege elevation vulnerability that exists in the control Exchange has over Active Directory and EWS push notifications is fixed by cumulative updates for Exchange 2013, Exchange 2016, and Exchange 2019 and a roll-up update for Exchange 2010 SP3. These changes mark an architectural modification for Exchange, something that Microsoft is loathe to do outside major releases. Install the updates now!

View Article

Fixing a Multi-Protocol Exchange Server Vulnerability

No fix is available yet for the Exchange vulnerability reported by Dirk-jan Mollema and described in CVE-2018-8581. Apart from deploying a split permissions model, no out-of-the-box mitigation exists today. Microsoft is working actively to fix the problem and in the meantime, the brains of the Exchange community are hard at work to come up with possible solutions.

View Article

All Versions of On-Premises Exchange Server Vulnerable to New Attack

A newly-discovered vulnerability in Exchange potentially allows attackers to gain control over Active Directory. Since Exchange 2000, Exchange has been a highly-privileged server that’s tightly connected to Active Directory. Add in some NTLM weakness, Exchange Web Services push notifications, and everything comes together for the bad guys.

View Article

Microsoft Migrates Exchange Public Folders to Office 365 Groups

Microsoft has new tools to migrate public folders (the “cockroaches of Exchange”) to Office 365 Groups. Sounds good. The good news is that the tools work, even if they need a lot of manual oversight. ISVs offer tools to do the same job with more automation. The choice is yours!

View Article

Sponsored: Managing Email Signatures

Surprisingly, Microsoft has never included a central method to manage user autosignatures within the cloud or on-premises versions of Exchange. Which means that you must let users manage their signatures, build your own tools, or deploy a commercial solution.

View Article

Migrating Modern Public Folders to Exchange Online (or Elsewhere)

Microsoft now supports the migration of modern public folders to Exchange Online. ISV solutions allow you to migrate public folders to other places, like Office 365 Groups and shared mailboxes, which seems like a lot more interesting.

View Article

Windows 2016 Support (Again!) Is Key Element in Quarterly Exchange Updates

Microsoft has fixed the IIS crash that caused problems for Windows 2016 DAG members in Exchange 2016 CU4. Exchange 2013 also gets its quarterly overhaul of fixes in CU15.

View Article

Updates Released for Exchange 2016 and Exchange 2013

With all the focus and attention paid to Office 365, you’d be forgiven for assuming that not much happens in the world of on-premises software. Microsoft will support Exchange 2016 until 2025 and has to maintain the software through patches and updates until then. Exchange 2013 isn’t forgotten either. New cumulative updates are available for the two servers. Cue excitement all round.

View Article
Go to page