Microsoft Exchange is currently under threat due to four newly discovered zero-day vulnerabilities, which attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. These vulnerabilities were disclosed by Trend Micro's Zero Day Initiative (ZDI) on September 7th and 8th, 2023. Despite their potential threat, Microsoft has chosen to delay [...]
Software Release – EPG 3.7.6 Toronto, Canada – October 24th, 2023: Messageware Incorporated, the leader in Microsoft Exchange security and productivity tools, announced a major update of their flagship product Messageware Exchange Protocol Guard (EPG). The following updates are now available for customers and trial users: Messageware EPG 2019 v3.7.6 Messageware EPG 2016 v3.7.6 Messageware EPG [...]
October has been a busy month of changes for Exchange Online users. This article summarizes recent updates and announcements from Microsoft on the Exchange Team Blog. 1) Farewell to Remote PowerShell in Exchange Online Earlier this year, Microsoft officially depreciated the Remote PowerShell Protocol (RPS) in Exchange Online. This month, RPS is no longer available [...]
Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2019 Exchange Server 2016 SUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU12 and CU13 Exchange Server 2016 CU23 The October 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are [...]
Article Summary: This article examines the common Exchange Server attacks that result in Active Directory lockouts and effective techniques to prevent Active Directory user accounts lockouts. By deploying intelligent threat detection, enforcing strong password policies, enabling multi-factor authentication, and monitoring signs of compromise, companies can thwart attackers’ efforts to access mailboxes and maintain business continuity. [...]
Who’s probing your Exchange Server? Today’s systems reveal more information to the internet than intended. If you have an internet facing Exchange Server, it is being probed to discover its specifications, vulnerabilities, and weaknesses. RELATED: Watch a video on High Volume Attacks attacks on Exchange Server Hackers Hackers probe Exchange Servers to identify weaknesses or [...]
For the past 30 years, Messageware has provided cutting-edge Microsoft solutions, and empowered businesses with tools to enhance their productivity and security. As we celebrate Messageware's anniversary, we reflect on its remarkable journey of innovation and growth. For more information, visit our About Us page. The Early Days Messageware's story began in 1993. Our founder [...]
Important: The Aug 8 SU has been withdrawn and re-released by Microsoft due to installation issues in some environments. For more information and what to do if you installed Aug 8 SUv1 you can refer to the Microsoft blog article here: Re-release of August 2023 Exchange Server Security Update packages - Microsoft Community Hub. Otherwise, proceed [...]
Microsoft has re-released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2019 Exchange Server 2016 SUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU12 and CU13 Exchange Server 2016 CU23 More information from Microsoft about the re-release is available here. The following table describes the actions you need to take based on [...]
Great news - Messageware has reached a significant milestone in its journey. Our software is now used in an impressive 55 countries worldwide! Our dedicated team of experts continuously improve our Microsoft Exchange Server security software to stay ahead of ever-evolving cyber threats. We’re proud of our growing client base: 2500+ enterprises in all industries; [...]
UPDATE: Microsoft re-released the SU on August 15th, 2023. See more details here. The August 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your [...]
In this article, we'll answer frequently asked questions about how to manage your Active Directory Lockout policy. There is no one-size-fits-all approach to customizing these settings as organizations have different risk levels. For helpful information about what causes frequent Active Directory account lockouts, check out our blog "6 Common Causes of Active Directory Account Lockouts and [...]
Microsoft and the Ukraine CERT have identified targeted attacks against the defense industry and Microsoft Exchange servers by a Russian state-sponsored hacking group known as Turla. The attacks leverage a new malware backdoor called 'DeliveryCheck,' a .NET backdoor which can execute second-stage payloads. What makes DeliveryCheck stand out is its Microsoft Exchange Server-side component. The [...]
This article will explain the most common causes of Active Directory Lockouts, and how to mitigate them. For information on managing your Active Directory account policies and changing settings, refer to our blog: How to Change Active Directory (AD) Lockout Policy. RELATED: Secure Exchange Server from Attacks, Probing, Password Guessing and Active Directory Lockouts. Learn [...]
Microsoft confirms that Chinese hackers breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies. The attacks were carried out by a threat group tracked as Storm-0558, who used an inactive consumer signing key to create tokens for Azure Active Directory and Microsoft accounts (MSA) to access [...]
The Microsoft July 2023 Patch Tuesday update (released July 11) does not include any changes for Exchange Server security. It does address 132 CVEs, nine of which were labelled as "critical." Most notably, this update also fixes six zero-day vulnerabilities that were actively exploited in the wild, as well as thirty-seven remote code execution (RCE) [...]
Microsoft released security updates for Exchange Server on June 14, 2023. While no active threats are currently known to be exploiting these vulnerabilities, IT admins should prioritize patching them as soon as possible. One of the most critical vulnerabilities is a bypass of fixes for two Exchange Server remote code execution bugs. This vulnerability exists [...]
Microsoft has confirmed that there are massive issues and outages across Exchange, Outlook, Teams, and OneDrive. The company is currently investigating the cause of the outage and has not yet provided an ETA for when it will be resolved. In the meantime, users are experiencing problems with sending and receiving emails, accessing files, and using [...]
The recent disruption to Microsoft 365 services resulted in users being unable to access their apps for the sixth time this year. Users had reported difficulties in accessing their Outlook mailboxes, and connection attempts to Microsoft 365 servers were unsuccessful. The company acknowledged these issues in a notification, stating, "User reports indicate that the disruption [...]
Microsoft has recently announced its intention to make Edge the default browser for opening web links from the Outlook application. According to the article, this update will affect users of Microsoft 365 services, meaning that any links clicked within the Outlook for Windows app will automatically open in Edge. The originating email with the link [...]
