Trusted by more than 2500 companies with over 5 million users

IceApple exploit framework targeting Microsoft Exchange servers

Stealthy, “highly sophisticated” post-exploitation framework used for data exfiltration likely the work of a state-sponsored threat actor. In late 2021, security researchers on CrowdStrike’s Falcon OverWatch team first detected a modular exploit targeting Microsoft Exchange Servers. Dubbed IceApple, the .NET-based framework has been observed in “distinct locations” and primarily directed toward entities in government, academic [...]

Microsoft Exchange – Messageware Q2 2022 Newsletter

In 2022, a wave of cyberattacks and data breaches swept across the globe after multiple zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to servers and email. Recently, businesses were warned that Chinese and Russian cyberattacks are imminent and that business leaders must act to strengthen their digital defences. Here [...]

2022-04-26T09:58:01-04:00News|

Microsoft Exchange Server Build Numbers and Release Dates

You can use the information in this article to verify the version of Exchange that is running in your organization. This article is organized in sections that correspond to the major releases of Exchange. Each section lists build numbers for each Service Pack (SP), Cumulative Update (CU), Security Update (SU), or Update Rollup (RU) of [...]

2022-04-26T10:12:04-04:00Microsoft Exchange|

Microsoft Exchange Server – Cumulative Updates – April 2022

On April 20, 2022 Microsoft released new Cumulative Updates: Exchange 2016 CU23 and Exchange 2019 CU12. The previous Cumulative Updates were released on September 28, 2021, more than 6 months ago.

Microsoft March 2022 Patch Tuesday: 2 Exchange Server vulnerabilities fixed

The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately. These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange [...]

Microsoft launches quarterly Cyber Security Intelligence Brief

Microsoft has just launched a quarterly cyber threat intelligence brief branded Cyber Signals. The new publication offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and strategies used by the world’s most prolific threat actors.  Cyber Signals is aimed at Chief Information Security Officers, Chief Information Officers, Chief Privacy Officers, and their teams, as they continue [...]

Microsoft revisits the Priority Account Protection in 365

Microsoft revisits the Priority Account Protection in 365:  (Microsoft 365 Defender): Applying a higher level of protection to accounts likely to be targeted by attackers is a more compelling offer as the last thing you want is for an executive to fall foul of a business email compromise attack or other phishing attempts like the recent Office VoIP voicemail [...]

2022-02-08T10:30:13-05:00News|

Microsoft Exchange Server – January 2022 Exchange Server Security Updates

January 2022 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2019 Cumulative Update 11 Security Update 3 (KB5008631) Exchange Server 2019 Cumulative Update 10 Security Update 4 (KB5008631) Exchange Server 2016 Cumulative Update 22 Security Update 3 (KB5008631) Exchange Server 2016 Cumulative Update 21 Security Update 4 (KB5008631) Exchange [...]

Microsoft Exchange – Messageware Q4 2021 Newsletter

It's December, and there is plenty of good news... Microsoft has not released any December Exchange Server CUs or SUs, Messageware Exchange Server Guard now secures more Exchange Servers than ever, and the holiday season is upon us! But while everything feels a little more upbeat this week, the second half of 2021 was undoubtedly challenging, with [...]

2022-01-18T10:11:25-05:00News|

Microsoft Exchange Server Security – December 2021 CUs Postponed, Critical SUs Needed

Microsoft announces there is no major CU release for December 2021. Microsoft typically releases Cumulative Updates quarterly for Exchange Server 2019, 2016, and 2013. There have been a number of critical Security Updates since the latest September 2021 CUs: see KB5007409, KB5007012. For convenience, here are direct links to the Microsoft downloads for the latest [...]