Who’s probing your Exchange Server? Today’s systems reveal more information to the internet than intended. If you have an internet facing Exchange Server, it is being probed to discover its specifications, vulnerabilities, and weaknesses. RELATED: Watch a video on High Volume Attacks attacks on Exchange Server Hackers Hackers probe Exchange Servers to identify weaknesses or [...]
For the past 30 years, Messageware has provided cutting-edge Microsoft solutions, and empowered businesses with tools to enhance their productivity and security. As we celebrate Messageware's anniversary, we reflect on its remarkable journey of innovation and growth. For more information, visit our About Us page. The Early Days Messageware's story began in 1993. Our founder [...]
Important: The Aug 8 SU has been withdrawn and re-released by Microsoft due to installation issues in some environments. For more information and what to do if you installed Aug 8 SUv1 you can refer to the Microsoft blog article here: Re-release of August 2023 Exchange Server Security Update packages - Microsoft Community Hub. Otherwise, proceed [...]
Microsoft has re-released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2019 Exchange Server 2016 SUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU12 and CU13 Exchange Server 2016 CU23 More information from Microsoft about the re-release is available here. The following table describes the actions you need to take based on [...]
Great news - Messageware has reached a significant milestone in its journey. Our software is now used in an impressive 55 countries worldwide! Our dedicated team of experts continuously improve our Microsoft Exchange Server security software to stay ahead of ever-evolving cyber threats. We’re proud of our growing client base: 2500+ enterprises in all industries; [...]
UPDATE: Microsoft re-released the SU on August 15th, 2023. See more details here. The August 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your [...]
In this article, we'll answer frequently asked questions about how to manage your Active Directory Lockout policy. There is no one-size-fits-all approach to customizing these settings as organizations have different risk levels. For helpful information about what causes frequent Active Directory account lockouts, check out our blog "Solved: Active Directory Account Lockouts and How to [...]
Microsoft and the Ukraine CERT have identified targeted attacks against the defense industry and Microsoft Exchange servers by a Russian state-sponsored hacking group known as Turla. The attacks leverage a new malware backdoor called 'DeliveryCheck,' a .NET backdoor which can execute second-stage payloads. What makes DeliveryCheck stand out is its Microsoft Exchange Server-side component. The [...]
This article will explain the most common causes of Active Directory Lockouts, and how to mitigate them. For information on managing your Active Directory account policies and changing settings, refer to our blog: How to Change Active Directory (AD) Lockout Policy. What is Active Directory? Active Directory account lockouts are a common issue that system [...]
Microsoft confirms that Chinese hackers breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies. The attacks were carried out by a threat group tracked as Storm-0558, who used an inactive consumer signing key to create tokens for Azure Active Directory and Microsoft accounts (MSA) to access [...]
The Microsoft July 2023 Patch Tuesday update (released July 11) does not include any changes for Exchange Server security. It does address 132 CVEs, nine of which were labelled as "critical." Most notably, this update also fixes six zero-day vulnerabilities that were actively exploited in the wild, as well as thirty-seven remote code execution (RCE) [...]
Microsoft released security updates for Exchange Server on June 14, 2023. While no active threats are currently known to be exploiting these vulnerabilities, IT admins should prioritize patching them as soon as possible. One of the most critical vulnerabilities is a bypass of fixes for two Exchange Server remote code execution bugs. This vulnerability exists [...]
Microsoft has confirmed that there are massive issues and outages across Exchange, Outlook, Teams, and OneDrive. The company is currently investigating the cause of the outage and has not yet provided an ETA for when it will be resolved. In the meantime, users are experiencing problems with sending and receiving emails, accessing files, and using [...]
The recent disruption to Microsoft 365 services resulted in users being unable to access their apps for the sixth time this year. Users had reported difficulties in accessing their Outlook mailboxes, and connection attempts to Microsoft 365 servers were unsuccessful. The company acknowledged these issues in a notification, stating, "User reports indicate that the disruption [...]
Microsoft has recently announced its intention to make Edge the default browser for opening web links from the Outlook application. According to the article, this update will affect users of Microsoft 365 services, meaning that any links clicked within the Outlook for Windows app will automatically open in Edge. The originating email with the link [...]
Toronto, Canada – May 3rd, 2023: Messageware Incorporated, the leader in Microsoft Exchange security and productivity tools, announced a new version of their flagship product Messageware Exchange Protocol Guard (EPG). The latest version enhances Exchange Server security with official integration of Spamhaus threat intelligence data feeds. These feeds provide highly accurate, real-time data about systems [...]
Microsoft released Cumulative Update 13 for Microsoft Exchange Server 2019 on May 3rd, 2023. This cumulative update is a security update. It includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues , including updates in the March 2023 SU. Highlights: Microsoft has announced that they are bringing Modern Authentication to pure on-premises Exchange Server environments [...]
Microsoft 365 has experienced another outage, which is impacting search features in several services. Microsoft experienced another outage that impacted the search functionality of various Microsoft 365 services, including Outlook on the web, Exchange Online, SharePoint Online, Microsoft Teams, and Outlook desktop clients. The company acknowledged the problem on April 24th and stated that it [...]
The New York Attorney General has accepted a settlement of $200,000 from a New York-based medical malpractice law firm in response to their inadequate data security practices that resulted in more than one-hundred thousand hospital patient's details been exposed. According to Letitia James, the Attorney General of New York, HPMB's "poor data security measures" were [...]
Summary CERT-UA, Ukraine's Computer Emergency Response Team, was the first to discover the vulnerability with a 9.8 CVSS score that affects all supported versions of Outlook for Windows. Microsoft reported that a group of Russian hackers took advantage of the NTLM vulnerability to attack a number of European and military organizations in 2022. The Threat [...]
