Trusted by more than 2500 companies with over 5 million users
4 05, 2023

Microsoft Exchange Server Security Strengthened by Messageware with Spamhaus Threat Data Feeds

2023-05-05T03:53:48-04:00

Toronto, Canada – May 3rd, 2023: Messageware Incorporated, the leader in Microsoft Exchange security and productivity tools, announced a new version of their flagship product Messageware Exchange Protocol Guard (EPG). The latest version enhances Exchange Server security with official integration of Spamhaus threat intelligence data feeds. These feeds provide highly accurate, real-time data about systems [...]

Microsoft Exchange Server Security Strengthened by Messageware with Spamhaus Threat Data Feeds2023-05-05T03:53:48-04:00
4 05, 2023

Released: 2023 H1 Cumulative Update for Exchange Server 2019

2023-05-05T09:29:01-04:00

Microsoft released Cumulative Update 13 for Microsoft Exchange Server 2019 on May 3rd, 2023. This cumulative update is a security update. It includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues , including updates in the March 2023 SU. Highlights: Microsoft has announced that they are bringing Modern Authentication to pure on-premises Exchange Server environments [...]

Released: 2023 H1 Cumulative Update for Exchange Server 20192023-05-05T09:29:01-04:00
2 05, 2023

More interruptions for Microsoft 365

2023-05-09T08:41:40-04:00

Microsoft 365 has experienced another outage, which is impacting search features in several services. Microsoft experienced another outage that impacted the search functionality of various Microsoft 365 services, including Outlook on the web, Exchange Online, SharePoint Online, Microsoft Teams, and Outlook desktop clients. The company acknowledged the problem on April 24th and stated that it [...]

More interruptions for Microsoft 3652023-05-09T08:41:40-04:00
5 04, 2023

Law firm HPMB fined $200,000 over Microsoft Exchange Server Security Breach

2023-04-05T10:37:01-04:00

The New York Attorney General has accepted a settlement of $200,000 from a New York-based medical malpractice law firm in response to their inadequate data security practices that resulted in more than one-hundred thousand hospital patient's details been exposed. According to Letitia James, the Attorney General of New York, HPMB's "poor data security measures" were [...]

Law firm HPMB fined $200,000 over Microsoft Exchange Server Security Breach2023-04-05T10:37:01-04:00
21 03, 2023

Critical Outlook NTLM Vulnerability Addressed by Microsoft Update

2023-03-21T06:46:18-04:00

Summary CERT-UA, Ukraine's Computer Emergency Response Team, was the first to discover the vulnerability with a 9.8 CVSS score that affects all supported versions of Outlook for Windows. Microsoft reported that a group of Russian hackers took advantage of the NTLM vulnerability to attack a number of European and military organizations in 2022. The Threat [...]

Critical Outlook NTLM Vulnerability Addressed by Microsoft Update2023-03-21T06:46:18-04:00
17 03, 2023

Microsoft March 2023 Patch Tuesday: Exchange Server Security Updates

2023-03-17T15:01:13-04:00

The March 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment. Official announcement can be found here. Microsoft has released Security Updates (SUs) for [...]

Microsoft March 2023 Patch Tuesday: Exchange Server Security Updates2023-03-17T15:01:13-04:00
17 03, 2023

Microsoft Exchange – Messageware Q1 2023 Newsletter

2023-03-28T07:26:36-04:00

We’ve seen a wave of cyberattacks and data breaches that swept across the globe with multiple zero-day exploits discovered in Exchange Online and On-premises. Microsoft is urging admins to protect their Exchange Servers by keeping Exchange servers updated with the latest CUs and SUs. “Attackers looking to exploit unpatched Exchange servers are not going to go away.” [...]

Microsoft Exchange – Messageware Q1 2023 Newsletter2023-03-28T07:26:36-04:00
14 03, 2023

Microsoft issues one month EOL warning for Exchange Server 2013

2023-03-14T07:18:00-04:00

Microsoft recently posted that users have a mere 31 days left to migrate away from Exchange Server 2013 before it reaches End-of-life (EOL). The Exchange Team has confirmed that even though support is ending soon, the software will still function past its expiration date. Taking this route is a bit of a risk as Microsoft won't be [...]

Microsoft issues one month EOL warning for Exchange Server 20132023-03-14T07:18:00-04:00
2 03, 2023

Microsoft Exchange Online Recovers from Worldwide Outage

2023-03-02T11:45:39-05:00

Microsoft is looking into another global outage that has impacted Exchange Online, its cloud-based email system. The Microsoft 365 Status Twitter feed reported “impact is specific to users who are served through the affected infrastructure in North America, Europe, and the United Kingdom.” The thread continues,  "We're investigating an issue wherein users may be unable [...]

Microsoft Exchange Online Recovers from Worldwide Outage2023-03-02T11:45:39-05:00
16 02, 2023

Microsoft February 2023 Patch Tuesday: Exchange Server Security Updates

2023-02-16T05:22:29-05:00

Microsoft has released patches to fix numerous vulnerabilities in the February 2023 Patch Tuesday release including remote code execution in Exchange Server. Official announcement can be found here. Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 To learn more about these vulnerabilities, see the following [...]

Microsoft February 2023 Patch Tuesday: Exchange Server Security Updates2023-02-16T05:22:29-05:00
2 02, 2023

Microsoft Urges Admins to Protect On-Premise Exchange Servers

2023-02-02T09:53:19-05:00

“We’ve said it before, we’re saying it now, and we’ll keeping saying it: It is critical to keep your Exchange servers updated.” Microsoft is reminding admins once again not only to stay current on the latest Cumulative Update (CU) and Security Update (SU) on all Exchange servers, but to also perform manual tasks to harden [...]

Microsoft Urges Admins to Protect On-Premise Exchange Servers2023-02-02T09:53:19-05:00
17 01, 2023

Microsoft Exchange Server 2013 Nears End of Support

2023-01-17T04:12:49-05:00

Exchange Server 2013 will reach its end of support on April 11, 2023. If you haven't already begun your migration from Exchange 2013 to Microsoft 365, Office 365, or Exchange 2019, now's the time to start planning. This means all security updates and patches will be ending soon!  After April 11th Microsoft will no longer [...]

Microsoft Exchange Server 2013 Nears End of Support2023-01-17T04:12:49-05:00
13 01, 2023

Microsoft January 2023 Patch Tuesday: Exchange Server Security Updates

2023-01-13T10:27:53-05:00

Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 The updates address the following vulnerabilities: CVE-2023-21745: Spoofing Vulnerability CVE-2023-21761: Information Disclosure Vulnerability CVE-2023-21762: Spoofing Vulnerability CVE-2023-21763: Elevation of Privilege Vulnerability CVE-2023-21764: Elevation of Privilege Vulnerability Official announcement can be found here. SUs are available for [...]

Microsoft January 2023 Patch Tuesday: Exchange Server Security Updates2023-01-13T10:27:53-05:00
27 12, 2022

Ransomware Group Targets Microsoft Exchange Server with New Exploit OWASSRF

2022-12-27T07:28:49-05:00

Threat actors affiliated with the Play ransomware strain are leveraging a never-before-seen exploit method that bypasses Microsoft’s ProxyNotShell URL rewrite mitigation. A New Exploit Chain CrowdStrike researchers have discovered a new exploit method they have named OWASSRF, or Outlook Web Access Server-Side Request Forgery. The novel exploit affects Exchange Server 2013, 2016 and 2019 by leveraging CVE-2022-41080 [...]

Ransomware Group Targets Microsoft Exchange Server with New Exploit OWASSRF2022-12-27T07:28:49-05:00
19 12, 2022

Microsoft Exchange ProxyNotShell Vulnerability Explained and How to Mitigate It

2022-12-19T07:41:19-05:00

ProxyShell and ProxyLogon are two high severity exploits against Microsoft Exchange Servers discovered in 2021. Both vulnerabilities enable threat actors to perform remote code execution on vulnerable systems. A year later, another easily exploitable vulnerability named ProxyNotShell is threatening unpatched Exchange Servers. Here's a great article we recommend you read: Microsoft Exchange ProxyNotShell vulnerability explained [...]

Microsoft Exchange ProxyNotShell Vulnerability Explained and How to Mitigate It2022-12-19T07:41:19-05:00
29 11, 2022

ProxyNotShell Proof-of-Concept Published Online

2022-12-16T10:05:26-05:00

Security researchers confirm Proof-of-Concept (PoC) works against unpatched versions of Microsoft Exchange Server 2013, 2016 and 2019 In early August, researchers discovered cyberattacks against critical infrastructure using two unpublished Exchange Server security vulnerabilities. Microsoft’s Security Research Center (MSRC) stated: “The first exploit identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows [...]

ProxyNotShell Proof-of-Concept Published Online2022-12-16T10:05:26-05:00
21 11, 2022

Microsoft Exchange – Messageware Q4 2022 Newsletter

2022-11-21T10:18:35-05:00

The last few months have been busy. Lets look at the happenings and news from the Exchange Server Community: MEC Technical Airlift We hope you attended the Microsoft Exchange Conference ( MEC Technical Airlift ) and had an opportunity to engage with the community and listen to the keynote with Rajesh, Perry, and Jared. In [...]

Microsoft Exchange – Messageware Q4 2022 Newsletter2022-11-21T10:18:35-05:00
10 11, 2022

Microsoft November 2022 Patch Tuesday: Exchange Server Security Updates

2022-11-11T05:53:35-05:00

Microsoft has released security updates for two zero-day vulnerabilities: CVE-2022-41040, a server-side request forgery vulnerability, and CVE-2022-41082, which allows remote code execution. Collectively known as ProxyNotShell, the Exchange Server vulnerabilities have led to a spate of attacks linked to nation-state threat actors since late September. The SUs address vulnerabilities responsibly reported to Microsoft by security [...]

Microsoft November 2022 Patch Tuesday: Exchange Server Security Updates2022-11-11T05:53:35-05:00
25 10, 2022

On-Premise Chosen over Microsoft 365 due to Server Privacy Concerns

2023-09-13T11:04:20-04:00

In an ongoing battle that started in 2018 with the EU, several state courts, including the federal German court, found that Microsoft 365 was not compliant with GDPR laws. The ban mostly affects educational institutions and companies that use Microsoft’s 365 product line. The ban comes after Microsoft ended its special arrangements with German users. An [...]

On-Premise Chosen over Microsoft 365 due to Server Privacy Concerns2023-09-13T11:04:20-04:00
12 10, 2022

Microsoft October 2022 Patch Tuesday: Exchange Server Security Updates

2023-11-17T10:54:00-05:00

The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Our recommendation is to immediately install these updates to protect your environment. NOTE   The October 2022 SUs do not contain fixes for the zero-day vulnerabilities reported publicly on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082). Please see this blog post to apply mitigations for those [...]

Microsoft October 2022 Patch Tuesday: Exchange Server Security Updates2023-11-17T10:54:00-05:00