Trusted by more than 2500 companies with over 5 million users

Microsoft January 2024 Patch Tuesday: Another Quiet Patch Tuesday for Exchange Server

Microsoft kicks off 2024 with a uneventful Patch Tuesday, maintaining the trend from December by not releasing any patches for Exchange Server 2019. Exchange Server 2019: CU14 Delayed to Jan 2024 There are still two more CUs for Exchange Server 2019: CU14 and CU15.  CU14 is in its final stages of testing and validation and will be [...]

Microsoft January 2024 Patch Tuesday: Another Quiet Patch Tuesday for Exchange Server2024-01-11T13:59:28-05:00

Microsoft Exchange – Messageware Q4 2023 Newsletter

It’s mid-December and there is lots of good news heading into the end of 2023.Microsoft is not releasing any December Exchange Server CUs or SUs, a welcome break for those with vacations scheduled!We are officially launching our new security product, “Z-Day Guard for Exchange Servers”.It’s simple to install, easy to use, and extremely powerful, giving [...]

Microsoft Exchange – Messageware Q4 2023 Newsletter2023-12-20T12:52:05-05:00

Understanding Microsoft’s Exchange Server Servicing Model

Microsoft's Shift in Servicing Cadence In a move that reflects a commitment to both innovation and stability, Microsoft announced last year a change in its servicing model for Exchange Server. This strategic shift saw the company adopt a twice-yearly release schedule for Cumulative Updates (CUs), targeting the first and second halves of each calendar year. [...]

Understanding Microsoft’s Exchange Server Servicing Model2023-11-27T11:14:24-05:00

Microsoft July 2023 Patch Tuesday: No Exchange Server Updates

The Microsoft July 2023 Patch Tuesday update (released July 11) does not include any changes for Exchange Server security. It does address 132 CVEs, nine of which were labelled as "critical." Most notably, this update also fixes six zero-day vulnerabilities that were actively exploited in the wild, as well as thirty-seven remote code execution (RCE) [...]

Microsoft July 2023 Patch Tuesday: No Exchange Server Updates2023-11-17T10:52:13-05:00

Microsoft June 2023 Patch Tuesday: Exchange Server Security Updates

Microsoft released security updates for Exchange Server on June 14, 2023. While no active threats are currently known to be exploiting these vulnerabilities, IT admins should prioritize patching them as soon as possible. One of the most critical vulnerabilities is a bypass of fixes for two Exchange Server remote code execution bugs. This vulnerability exists [...]

Microsoft June 2023 Patch Tuesday: Exchange Server Security Updates2023-11-17T10:53:37-05:00

Another Microsoft 365 Disruption: The Sixth Instance of Downtime in This Year

The recent disruption to Microsoft 365 services resulted in users being unable to access their apps for the sixth time this year. Users had reported difficulties in accessing their Outlook mailboxes, and connection attempts to Microsoft 365 servers were unsuccessful. The company acknowledged these issues in a notification, stating, "User reports indicate that the disruption [...]

Another Microsoft 365 Disruption: The Sixth Instance of Downtime in This Year2023-06-13T10:08:00-04:00

Microsoft to Make Edge Browser the Default for Outlook Web Links

Microsoft has recently announced its intention to make Edge the default browser for opening web links from the Outlook application. According to the article, this update will affect users of Microsoft 365 services, meaning that any links clicked within the Outlook for Windows app will automatically open in Edge. The originating email with the link [...]

Microsoft to Make Edge Browser the Default for Outlook Web Links2023-11-21T02:08:21-05:00

More interruptions for Microsoft 365

Microsoft 365 has experienced another outage, which is impacting search features in several services. Microsoft experienced another outage that impacted the search functionality of various Microsoft 365 services, including Outlook on the web, Exchange Online, SharePoint Online, Microsoft Teams, and Outlook desktop clients. The company acknowledged the problem on April 24th and stated that it [...]

More interruptions for Microsoft 3652023-05-09T08:41:40-04:00

Law firm HPMB fined $200,000 over Microsoft Exchange Server Security Breach

The New York Attorney General has accepted a settlement of $200,000 from a New York-based medical malpractice law firm in response to their inadequate data security practices that resulted in more than one-hundred thousand hospital patient's details been exposed. According to Letitia James, the Attorney General of New York, HPMB's "poor data security measures" were [...]

Law firm HPMB fined $200,000 over Microsoft Exchange Server Security Breach2023-04-05T10:37:01-04:00

Microsoft February 2023 Patch Tuesday: Exchange Server Security Updates

Microsoft has released patches to fix numerous vulnerabilities in the February 2023 Patch Tuesday release including remote code execution in Exchange Server. Official announcement can be found here. Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 To learn more about these vulnerabilities, see the following [...]

Microsoft February 2023 Patch Tuesday: Exchange Server Security Updates2023-02-16T05:22:29-05:00

Exchange Online Servers Hacked Using Malicious OAuth Applications

Microsoft’s 365 Defender Research Team recently investigated an attack in which malicious OAuth applications were deployed on compromised cloud tenants. Initial Access The attacker first needed to compromise a cloud user’s account that had sufficient permissions in order to create a malicious OAuth application. The threat actor did this by launching credential-stuffing attacks against high-risk [...]

Exchange Online Servers Hacked Using Malicious OAuth Applications2022-12-16T10:13:14-05:00

Microsoft August 2022 Patch Tuesday: Exchange Server vulnerabilities fixed

Microsoft has released security updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to [...]

Microsoft August 2022 Patch Tuesday: Exchange Server vulnerabilities fixed2023-04-24T06:56:38-04:00

IceApple exploit framework targeting Microsoft Exchange servers

Stealthy, “highly sophisticated” post-exploitation framework used for data exfiltration likely the work of a state-sponsored threat actor. In late 2021, security researchers on CrowdStrike’s Falcon OverWatch team first detected a modular exploit targeting Microsoft Exchange Servers. Dubbed IceApple, the .NET-based framework has been observed in “distinct locations” and primarily directed toward entities in government, academic [...]

IceApple exploit framework targeting Microsoft Exchange servers2022-12-27T07:22:34-05:00

Microsoft Exchange Server Build Numbers, Cumulative Updates (CU), Security Updates (SU) and Release Dates

You can use the information in this article to verify the version of Exchange that is running in your organization. This article is organized into sections by Exchange version (2010, 2013, 2016, 2019). Microsoft's monthly “Patch Tuesday” releases are listed below, with their corresponding build numbers and release dates for each Service Pack (SP), Cumulative [...]

Microsoft Exchange Server Build Numbers, Cumulative Updates (CU), Security Updates (SU) and Release Dates2024-02-13T13:23:37-05:00

Microsoft Exchange Server – Cumulative Updates – April 2022

On April 20, 2022 Microsoft released new Cumulative Updates: Exchange 2016 CU23 and Exchange 2019 CU12. The previous Cumulative Updates were released on September 28, 2021, more than 6 months ago.

Microsoft Exchange Server – Cumulative Updates – April 20222022-06-14T06:55:46-04:00

Microsoft March 2022 Patch Tuesday: 2 Exchange Server vulnerabilities fixed

The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately. These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange [...]

Microsoft March 2022 Patch Tuesday: 2 Exchange Server vulnerabilities fixed2022-06-01T12:18:47-04:00

Microsoft Exchange Server – January 2022 Exchange Server Security Updates

January 2022 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2019 Cumulative Update 11 Security Update 3 (KB5008631) Exchange Server 2019 Cumulative Update 10 Security Update 4 (KB5008631) Exchange Server 2016 Cumulative Update 22 Security Update 3 (KB5008631) Exchange Server 2016 Cumulative Update 21 Security Update 4 (KB5008631) Exchange [...]

Microsoft Exchange Server – January 2022 Exchange Server Security Updates2022-06-14T06:56:33-04:00

Microsoft Exchange Server Security – December 2021 CUs Postponed, Critical SUs Needed

Microsoft announces there is no major CU release for December 2021. Microsoft typically releases Cumulative Updates quarterly for Exchange Server 2019, 2016, and 2013. There have been a number of critical Security Updates since the latest September 2021 CUs: see KB5007409, KB5007012. For convenience, here are direct links to the Microsoft downloads for the latest [...]

Microsoft Exchange Server Security – December 2021 CUs Postponed, Critical SUs Needed2022-06-11T11:37:59-04:00

Microsoft Exchange Server Security – November 2021 Updates

The November 2021 security updates for Exchange Server address vulnerabilities reported by security partners and found through Microsoft’s internal processes. We are aware of limited targeted attacks in the wild using one of vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment. For convenience, [...]

Microsoft Exchange Server Security – November 2021 Updates2022-06-11T11:37:33-04:00