Microsoft has disclosed a high-severity vulnerability in Exchange Server hybrid deployments that poses significant risks to organizations worldwide. CVE-2025-53786, with a CVSS score of 8.0, enables attackers to escalate privileges from on-premises Exchange servers to connected cloud environments without leaving detectable audit trails. The Core Security Flaw The vulnerability exploits a fundamental design weakness in Exchange [...]

A sophisticated new threat has emerged targeting Microsoft Exchange infrastructure worldwide. Kaspersky's Global Research and Analysis Team recently uncovered GhostContainer, a highly advanced backdoor malware that leverages open-source tools to establish persistent access to Exchange servers. This analysis examines the technical mechanisms, attack vectors, and implications of this threat for enterprise security teams managing Exchange deployments. GhostContainer [...]

A critical zero-day vulnerability in Microsoft SharePoint has triggered widespread cyberattacks across the globe, affecting businesses, government agencies, and educational institutions. The attack exploits a previously unknown security flaw that allows hackers to gain complete control over on-premises SharePoint servers without authentication. Microsoft has now directly attributed these attacks to Chinese state-sponsored hacking groups. Scale [...]

Microsoft has announced an optional 6-month Extended Security Update (ESU) program for Exchange Server 2016 and 2019, providing a temporary bridge for organizations struggling to complete their migrations before the upcoming end-of-support deadline. This program represents Microsoft's response to customer feedback indicating that some organizations need additional time to finalize their transitions to Exchange Subscription [...]

The second week of July 2025 marked a significant disruption in Microsoft's cloud ecosystem, with a cascading series of outages that affected millions of users worldwide. What began as isolated reports of service issues on July 9th quickly escalated into one of the most prolonged and impactful outages in Microsoft 365's history, lasting over 19 [...]

Microsoft Exchange Server Subscription Edition (SE) is now available for general release as of July 1, 2025. This marks a significant shift in how Microsoft delivers and supports its on-premises email server solution. What Exchange Server SE Brings to Organizations Exchange Server SE represents the future of Microsoft's on-premises email platform. The product operates under [...]

Active Directory (AD) is a primary target for attackers due to its central role in enterprise authentication and authorization. Password attacks against AD often represent an initial access vector, potentially leading to more severe compromises. A layered defense approach is necessary for robust protection. This document outlines strategies to defend AD against such attacks. Understanding [...]

Hotfix update for Microsoft Exchange Server 2019 CU15 HU2 was released on May 29, 2025. It includes fixes for nonsecurity issues and introduces new features. These fixes and features will also be included in later cumulative updates for Exchange Server 2019.  Microsoft Exchange Server Build Numbers, Cumulative Updates (CU), Security Updates (SU) and Release Dates Microsoft [...]

Introduction to Exchange Server Subscription Edition Microsoft Exchange Server has been a cornerstone of business communication since its initial release in 1993. As we approach the release of Exchange Server Subscription Edition (SE) in the third quarter of 2025, we're seeing a significant shift in Microsoft's approach to on-premises email and collaboration services. This new [...]

Russia's elite cyber espionage unit, Fancy Bear (APT28), has intensified its sophisticated attacks on Microsoft Exchange servers as part of a broader campaign targeting Western organizations supporting Ukraine. The joint cybersecurity advisory released on May 21, 2025, by 21 international intelligence agencies reveals how the Russian General Staff Main Intelligence Directorate (GRU) military unit 26165 [...]

Defender, ESET, Kaspersky, McAfee, Bitdefender Antivirus on Exchange Server Exchange Server and antivirus software must coexist properly to prevent false positives tie up support staff and cause concern in the IT group. This guide walks through essential configurations and introduces an automated solution to implement them correctly. The Critical Problem When antivirus software locks or [...]

Microsoft has released Hotfix Updates (HUs) that enables support for new functionality and address issues in earlier updates. Exchange Server 2019 Exchange Server 2016 HUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU14 and 2019 CU15 Exchange Server 2016 CU23 The April 2025 HUs do not contain any new Exchange Server security updates.  Key Updates and [...]

Microsoft has issued a warning about increased attacks on on-premises Exchange Server and SharePoint Server environments. These attacks, observed through April 2025, allow criminals to gain privileged access to networks, execute code remotely, and steal sensitive data. https://twitter.com/MsftSecIntel/status/1913268790504161725 Attack Methods Evolve Attackers now frequently use NTLM relay techniques against Exchange Server. This method exploits weaknesses [...]

Welcome to Q1 2025! Last year ended quietly with no Exchange Server updates since November. The new year promises to be eventful, with significant changes to Exchange Server and Microsoft Windows. We expect major updates and product launches from Microsoft this year. While Microsoft delivers these new product updates, Messageware is focused on continuing to [...]

The highly anticipated Exchange Server 2019 CU15 release has faced unexpected delays beyond its initial January 2025 target. Why the Delay? The postponement stems from two critical factors. First, CU15 incorporates new features as it's designed to be code-equivalent to the upcoming Exchange Subscription Edition (SE) RTM. Second, Microsoft's Technology Adoption Program (TAP) testing revealed issues [...]

Microsoft Exchange Server 2016 and 2019 are approaching a critical milestone, with both versions reaching their end of extended support on October 14, 2025. While existing installations will continue to function after this date, Microsoft has emphasized the importance of planning ahead, stating "Customer installations of Exchange 2016 and Exchange 2019 will of course continue [...]

In the past five years, Microsoft Exchange Server has weathered some of the most sophisticated and damaging cyberattacks in recent history. From the devastating Hafnium campaign that compromised over 250,000 servers globally to the stealthy ProxyLogon discovery, and the Storm-0558 intrusion that breached high-level government communications. These attacks have fundamentally changed how organizations approach email [...]