Trusted by more than 2500 companies with over 5 million users

Another Microsoft 365 Disruption: The Sixth Instance of Downtime in This Year

The recent disruption to Microsoft 365 services resulted in users being unable to access their apps for the sixth time this year. Users had reported difficulties in accessing their Outlook mailboxes, and connection attempts to Microsoft 365 servers were unsuccessful. The company acknowledged these issues in a notification, stating, "User reports indicate that the disruption [...]

Microsoft to Make Edge Browser the Default for Outlook Web Links

Microsoft has recently announced its intention to make Edge the default browser for opening web links from the Outlook application. According to the article, this update will affect users of Microsoft 365 services, meaning that any links clicked within the Outlook for Windows app will automatically open in Edge. The originating email with the link [...]

More interruptions for Microsoft 365

Microsoft 365 has experienced another outage, which is impacting search features in several services. Microsoft experienced another outage that impacted the search functionality of various Microsoft 365 services, including Outlook on the web, Exchange Online, SharePoint Online, Microsoft Teams, and Outlook desktop clients. The company acknowledged the problem on April 24th and stated that it [...]

Law firm HPMB fined $200,000 over Microsoft Exchange Server Security Breach

The New York Attorney General has accepted a settlement of $200,000 from a New York-based medical malpractice law firm in response to their inadequate data security practices that resulted in more than one-hundred thousand hospital patient's details been exposed. According to Letitia James, the Attorney General of New York, HPMB's "poor data security measures" were [...]

Microsoft February 2023 Patch Tuesday: Exchange Server Security Updates

Microsoft has released patches to fix numerous vulnerabilities in the February 2023 Patch Tuesday release including remote code execution in Exchange Server. Official announcement can be found here. Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 To learn more about these vulnerabilities, see the following [...]

Exchange Online Servers Hacked Using Malicious OAuth Applications

Microsoft’s 365 Defender Research Team recently investigated an attack in which malicious OAuth applications were deployed on compromised cloud tenants. Initial Access The attacker first needed to compromise a cloud user’s account that had sufficient permissions in order to create a malicious OAuth application. The threat actor did this by launching credential-stuffing attacks against high-risk [...]

Microsoft August 2022 Patch Tuesday: Exchange Server vulnerabilities fixed

Microsoft has released security updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to [...]

IceApple exploit framework targeting Microsoft Exchange servers

Stealthy, “highly sophisticated” post-exploitation framework used for data exfiltration likely the work of a state-sponsored threat actor. In late 2021, security researchers on CrowdStrike’s Falcon OverWatch team first detected a modular exploit targeting Microsoft Exchange Servers. Dubbed IceApple, the .NET-based framework has been observed in “distinct locations” and primarily directed toward entities in government, academic [...]

2022-12-27T07:22:34-05:00Exchange Security, Microsoft Exchange|

Microsoft Exchange Server Build Numbers, Cumulative Updates (CU), Security Updates (SU) and Release Dates

You can use the information in this article to verify the version of Exchange that is running in your organization. This article is organized in sections that correspond to the major releases of Exchange. Each section lists build numbers for each Service Pack (SP), Cumulative Update (CU), Security Update (SU), or Update Rollup (RU) of [...]

2023-05-11T08:39:04-04:00Microsoft Exchange|

Microsoft March 2022 Patch Tuesday: 2 Exchange Server vulnerabilities fixed

The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately. These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange [...]

2022-06-01T12:18:47-04:00Exchange Security, Microsoft Exchange|

Microsoft Exchange Server – January 2022 Exchange Server Security Updates

January 2022 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2019 Cumulative Update 11 Security Update 3 (KB5008631) Exchange Server 2019 Cumulative Update 10 Security Update 4 (KB5008631) Exchange Server 2016 Cumulative Update 22 Security Update 3 (KB5008631) Exchange Server 2016 Cumulative Update 21 Security Update 4 (KB5008631) Exchange [...]

2022-06-14T06:56:33-04:00In The News, Microsoft Exchange|

Microsoft Exchange Server Security – December 2021 CUs Postponed, Critical SUs Needed

Microsoft announces there is no major CU release for December 2021. Microsoft typically releases Cumulative Updates quarterly for Exchange Server 2019, 2016, and 2013. There have been a number of critical Security Updates since the latest September 2021 CUs: see KB5007409, KB5007012. For convenience, here are direct links to the Microsoft downloads for the latest [...]

2022-06-11T11:37:59-04:00In The News, Microsoft Exchange|

Microsoft Exchange Server Security – November 2021 Updates

The November 2021 security updates for Exchange Server address vulnerabilities reported by security partners and found through Microsoft’s internal processes. We are aware of limited targeted attacks in the wild using one of vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment. For convenience, [...]

2022-06-11T11:37:33-04:00In The News, Microsoft Exchange|

Microsoft Exchange Server – October 2021 Exchange Server Security Updates

October 2021 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2013 CU23 (Exchange 2013 customers might also need to /prepareschema. Please see this post.) Exchange Server 2016 CU21 and CU22 Exchange Server 2019 CU10 and CU11 For full details refer to this article. Summary of updates:   Be sure to visit Messageware Security Products for Microsoft Exchange [...]

2022-06-11T11:48:59-04:00In The News, Microsoft Exchange|

Exchange Protocol Guard – Software Release – EPG 3.6.1

Software Release - EPG 3.6.1 The following updates are now available now EPG 3.6.1  customers and trial users. Messageware EPG 2019 v3.6.1 Messageware EPG 2016 v3.6.1 Messageware EPG 2013 v3.6.1 Note: Prior to upgrading from 3.5 or earlier, make note of all entries in IP Filtering menu - Allow Lists tab. These IPs will need [...]

2022-06-11T11:50:52-04:00In The News, Microsoft Exchange|

Microsoft Exchange Server – May Patches – KB5003435 Security Update

A quick update to keep everyone informed on important Microsoft Exchange security updates: May 11, 2021 – Microsoft Exchange Server vulnerability – this time it is a security feature bypass and is one of the Exchange vulnerabilities that was found during PWN2OWN 2021. Microsoft has rated this as Exploitation Less Likely on the latest software [...]

2022-06-11T11:52:23-04:00In The News, Microsoft Exchange|

Microsoft Exchange Server – April Patches – KB5001779 Security Update

A quick update to keep everyone informed on important Microsoft Exchange security updates: April 13, 2021 – Microsoft released new and urgent security updates for Exchange server 2019, 2016, 2013 covering four Remote Code vulnerabilities: […]

2022-06-11T11:51:30-04:00In The News, Microsoft Exchange|

5 ways to protect Microsoft Exchange/Outlook Web from Brute Force, DoS

If Microsoft Exchange Server is your enterprise platform for email, you likely have also deployed Microsoft Exchange Outlook Web to enable employees to access email, calendars and contact information via mobile devices and web browsers. Making Outlook Web (OWA) available reduces IT costs and encourages user productivity, but it also creates additional security risks. Exposing [...]

2023-05-05T09:38:42-04:00Blog, Microsoft Exchange, Outlook Web|