Microsoft Security Threat Intelligence has been tracking multiple ransomware campaigns by a group known as DEV-0270 who also goes by the alias Nemesis Kitten. Who is DEV-0270? DEV-0270, a sub-group of the Iranian threat actor known as PHOSPHORUS, are known for leveraging newly disclosed vulnerabilities against their targets. If successful, the group contacts the victim [...]
Security breaches cause organizational chaos, financial and reputation risk. Given how organizations have shifted to a hybrid of in-office and work-from-home, there is a significant increase in the security threat landscape, and it’s more important than ever to improve and harden Exchange Server security. These best practices help provide a baseline security framework that all [...]
Exciting news, MEC (The Microsoft Exchange Conference) is back! The biggest Exchange gathering of the year will be taking place ‘virtually’ Sept 13-14, 2022. It’s been 8 years since the last MEC and we’re excited for candid Q&A and hearing more from Microsoft on the future of Exchange Server. Here’s a link to the registration - https://aka.ms/MECAirlift! Released: [...]
Microsoft has released security updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to [...]
When Messageware was approached by a Missouri police department to assist with administrative streamlining, Messageware had the ideal solution. Issues at Hand The department’s administrative staff had been complaining of no MailTo ability for attachments since moving to Office 365. Staff had to re-login to the Outlook web session before they could navigate to attach [...]
When an Australian family-owned apparel retailer found Office 365 hindering their 500+ employees they turned to Messageware. The issue at hand: A customer since 2016, their business uses over one hundred Office 365 K1 Kiosk accounts for their retail stores. As none of these kiosks have mail clients installed on their local computers, they were [...]
When a chain of collision repair centers in the northeast USA discovered that Outlook web was hindering their unmatchable turnaround times, they approached Messageware. The issue at hand: Staff capture repair estimates for submission to insurers using kiosks conveniently located beside damaged vehicles. However, submitting a vehicle collision report becomes frustrating and time-consuming because Outlook [...]
Microsoft has released security updates (SUs) for vulnerabilities found in Exchange Server 2013, Exchange Server 2016, Exchange Server 2019.
Stealthy, “highly sophisticated” post-exploitation framework used for data exfiltration likely the work of a state-sponsored threat actor. In late 2021, security researchers on CrowdStrike’s Falcon OverWatch team first detected a modular exploit targeting Microsoft Exchange Servers. Dubbed IceApple, the .NET-based framework has been observed in “distinct locations” and primarily directed toward entities in government, academic [...]
You can use the information in this article to verify the version of Exchange that is running in your organization. This article is organized into sections by Exchange version (2010, 2013, 2016, 2019). Microsoft's monthly “Patch Tuesday” releases are listed below, with their corresponding build numbers and release dates for each Service Pack (SP), Cumulative [...]
In 2022, a wave of cyberattacks and data breaches swept across the globe after multiple zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to servers and email. Recently, businesses were warned that Chinese and Russian cyberattacks are imminent and that business leaders must act to strengthen their digital defences. Here [...]
On April 20, 2022 Microsoft released new Cumulative Updates: Exchange 2016 CU23 and Exchange 2019 CU12. The previous Cumulative Updates were released on September 28, 2021, more than 6 months ago.
The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately. These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange [...]
Microsoft has just launched a quarterly cyber threat intelligence brief branded Cyber Signals. The new publication offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and strategies used by the world’s most prolific threat actors. Cyber Signals is aimed at Chief Information Security Officers, Chief Information Officers, Chief Privacy Officers, and their teams, as they continue [...]
Microsoft revisits the Priority Account Protection in 365: (Microsoft 365 Defender): Applying a higher level of protection to accounts likely to be targeted by attackers is a more compelling offer as the last thing you want is for an executive to fall foul of a business email compromise attack or other phishing attempts like the recent Office VoIP voicemail [...]
January 2022 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2019 Cumulative Update 11 Security Update 3 (KB5008631) Exchange Server 2019 Cumulative Update 10 Security Update 4 (KB5008631) Exchange Server 2016 Cumulative Update 22 Security Update 3 (KB5008631) Exchange Server 2016 Cumulative Update 21 Security Update 4 (KB5008631) Exchange [...]
As we all ushered in the New Year, a date check failure in Exchange Server 2016 and 2019 made it impossible for Exchange servers to accommodate the year 2022. The bug, dubbed 'the Y2K22 bug' prevented on-premise Microsoft Exchange servers from sending millions of emails. Fortunately, Microsoft was quick to act and has released an [...]
It's December, and there is plenty of good news... Microsoft has not released any December Exchange Server CUs or SUs, Messageware Exchange Server Guard now secures more Exchange Servers than ever, and the holiday season is upon us! But while everything feels a little more upbeat this week, the second half of 2021 was undoubtedly challenging, with [...]
Microsoft announces there is no major CU release for December 2021. Microsoft typically releases Cumulative Updates quarterly for Exchange Server 2019, 2016, and 2013. There have been a number of critical Security Updates since the latest September 2021 CUs: see KB5007409, KB5007012. For convenience, here are direct links to the Microsoft downloads for the latest [...]
The November 2021 security updates for Exchange Server address vulnerabilities reported by security partners and found through Microsoft’s internal processes. We are aware of limited targeted attacks in the wild using one of vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment. For convenience, [...]
