Microsoft has released the September 2025 Hotfix Updates (HUs) for Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE). These non-security updates address specific issues in earlier releases and include continued support for the dedicated Exchange hybrid app functionality. HUs are available for the following specific versions of Exchange Server: Exchange Server [...]

Messageware is pleased to announce that Messageware AttachView is now fully compatible with Exchange Server SE, delivering complete Outlook Web attachment protection for organizations migrating to or running SE environments. As the only third-party solution purpose-built for Exchange Server SE, AttachView provides unmatched security for Outlook Web attachments. By instantly converting files into secure, browser-based [...]

Microsoft has released the August 2025 Security Updates (SUs) for Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE). These cumulative updates address multiple vulnerabilities and introduce default security hardening, and they explicitly include the capability required for on‑premises Exchange to support and use the dedicated Exchange hybrid app needed to mitigate [...]

Microsoft has disclosed a high-severity vulnerability in Exchange Server hybrid deployments that poses significant risks to organizations worldwide. CVE-2025-53786, with a CVSS score of 8.0, enables attackers to escalate privileges from on-premises Exchange servers to connected cloud environments without leaving detectable audit trails. The Core Security Flaw The vulnerability exploits a fundamental design weakness in Exchange [...]

A sophisticated new threat has emerged targeting Microsoft Exchange infrastructure worldwide. Kaspersky's Global Research and Analysis Team recently uncovered GhostContainer, a highly advanced backdoor malware that leverages open-source tools to establish persistent access to Exchange servers. This analysis examines the technical mechanisms, attack vectors, and implications of this threat for enterprise security teams managing Exchange deployments. GhostContainer [...]

A critical zero-day vulnerability in Microsoft SharePoint has triggered widespread cyberattacks across the globe, affecting businesses, government agencies, and educational institutions. The attack exploits a previously unknown security flaw that allows hackers to gain complete control over on-premises SharePoint servers without authentication. Microsoft has now directly attributed these attacks to Chinese state-sponsored hacking groups. Scale [...]

Microsoft has announced an optional 6-month Extended Security Update (ESU) program for Exchange Server 2016 and 2019, providing a temporary bridge for organizations struggling to complete their migrations before the upcoming end-of-support deadline. This program represents Microsoft's response to customer feedback indicating that some organizations need additional time to finalize their transitions to Exchange Subscription [...]

The second week of July 2025 marked a significant disruption in Microsoft's cloud ecosystem, with a cascading series of outages that affected millions of users worldwide. What began as isolated reports of service issues on July 9th quickly escalated into one of the most prolonged and impactful outages in Microsoft 365's history, lasting over 19 [...]

Microsoft Exchange Server Subscription Edition (SE) is now available for general release as of July 1, 2025. This marks a significant shift in how Microsoft delivers and supports its on-premises email server solution. What Exchange Server SE Brings to Organizations Exchange Server SE represents the future of Microsoft's on-premises email platform. The product operates under [...]

Active Directory (AD) is a primary target for attackers due to its central role in enterprise authentication and authorization. Password attacks against AD often represent an initial access vector, potentially leading to more severe compromises. A layered defense approach is necessary for robust protection. This document outlines strategies to defend AD against such attacks. Understanding [...]

Hotfix update for Microsoft Exchange Server 2019 CU15 HU2 was released on May 29, 2025. It includes fixes for nonsecurity issues and introduces new features. These fixes and features will also be included in later cumulative updates for Exchange Server 2019.  Microsoft Exchange Server Build Numbers, Cumulative Updates (CU), Security Updates (SU) and Release Dates Microsoft [...]

Introduction to Exchange Server Subscription Edition Microsoft Exchange Server has been a cornerstone of business communication since its initial release in 1993. As we approach the release of Exchange Server Subscription Edition (SE) in the third quarter of 2025, we're seeing a significant shift in Microsoft's approach to on-premises email and collaboration services. This new [...]

Russia's elite cyber espionage unit, Fancy Bear (APT28), has intensified its sophisticated attacks on Microsoft Exchange servers as part of a broader campaign targeting Western organizations supporting Ukraine. The joint cybersecurity advisory released on May 21, 2025, by 21 international intelligence agencies reveals how the Russian General Staff Main Intelligence Directorate (GRU) military unit 26165 [...]

Defender, ESET, Kaspersky, McAfee, Bitdefender Antivirus on Exchange Server Exchange Server and antivirus software must coexist properly to prevent false positives tie up support staff and cause concern in the IT group. This guide walks through essential configurations and introduces an automated solution to implement them correctly. The Critical Problem When antivirus software locks or [...]

Microsoft has released Hotfix Updates (HUs) that enables support for new functionality and address issues in earlier updates. Exchange Server 2019 Exchange Server 2016 HUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU14 and 2019 CU15 Exchange Server 2016 CU23 The April 2025 HUs do not contain any new Exchange Server security updates.  Key Updates and [...]

Microsoft has issued a warning about increased attacks on on-premises Exchange Server and SharePoint Server environments. These attacks, observed through April 2025, allow criminals to gain privileged access to networks, execute code remotely, and steal sensitive data. https://twitter.com/MsftSecIntel/status/1913268790504161725 Attack Methods Evolve Attackers now frequently use NTLM relay techniques against Exchange Server. This method exploits weaknesses [...]

Welcome to Q1 2025! Last year ended quietly with no Exchange Server updates since November. The new year promises to be eventful, with significant changes to Exchange Server and Microsoft Windows. We expect major updates and product launches from Microsoft this year. While Microsoft delivers these new product updates, Messageware is focused on continuing to [...]