The recent disruption to Microsoft 365 services resulted in users being unable to access their apps for the sixth time this year. Users had reported difficulties in accessing their Outlook mailboxes, and connection attempts to Microsoft 365 servers were unsuccessful. The company acknowledged these issues in a notification, stating, "User reports indicate that the disruption [...]
Microsoft has recently announced its intention to make Edge the default browser for opening web links from the Outlook application. According to the article, this update will affect users of Microsoft 365 services, meaning that any links clicked within the Outlook for Windows app will automatically open in Edge. The originating email with the link [...]
Microsoft 365 has experienced another outage, which is impacting search features in several services. Microsoft experienced another outage that impacted the search functionality of various Microsoft 365 services, including Outlook on the web, Exchange Online, SharePoint Online, Microsoft Teams, and Outlook desktop clients. The company acknowledged the problem on April 24th and stated that it [...]
The New York Attorney General has accepted a settlement of $200,000 from a New York-based medical malpractice law firm in response to their inadequate data security practices that resulted in more than one-hundred thousand hospital patient's details been exposed. According to Letitia James, the Attorney General of New York, HPMB's "poor data security measures" were [...]
Microsoft has released patches to fix numerous vulnerabilities in the February 2023 Patch Tuesday release including remote code execution in Exchange Server. Official announcement can be found here. Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 To learn more about these vulnerabilities, see the following [...]
Microsoft’s 365 Defender Research Team recently investigated an attack in which malicious OAuth applications were deployed on compromised cloud tenants. Initial Access The attacker first needed to compromise a cloud user’s account that had sufficient permissions in order to create a malicious OAuth application. The threat actor did this by launching credential-stuffing attacks against high-risk [...]
Microsoft has released security updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to [...]
Microsoft has released security updates (SUs) for vulnerabilities found in Exchange Server 2013, Exchange Server 2016, Exchange Server 2019.
Stealthy, “highly sophisticated” post-exploitation framework used for data exfiltration likely the work of a state-sponsored threat actor. In late 2021, security researchers on CrowdStrike’s Falcon OverWatch team first detected a modular exploit targeting Microsoft Exchange Servers. Dubbed IceApple, the .NET-based framework has been observed in “distinct locations” and primarily directed toward entities in government, academic [...]
You can use the information in this article to verify the version of Exchange that is running in your organization. This article is organized in sections that correspond to the major releases of Exchange. Each section lists build numbers for each Service Pack (SP), Cumulative Update (CU), Security Update (SU), or Update Rollup (RU) of [...]
On April 20, 2022 Microsoft released new Cumulative Updates: Exchange 2016 CU23 and Exchange 2019 CU12. The previous Cumulative Updates were released on September 28, 2021, more than 6 months ago.
The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately. These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange [...]
January 2022 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2019 Cumulative Update 11 Security Update 3 (KB5008631) Exchange Server 2019 Cumulative Update 10 Security Update 4 (KB5008631) Exchange Server 2016 Cumulative Update 22 Security Update 3 (KB5008631) Exchange Server 2016 Cumulative Update 21 Security Update 4 (KB5008631) Exchange [...]
Microsoft announces there is no major CU release for December 2021. Microsoft typically releases Cumulative Updates quarterly for Exchange Server 2019, 2016, and 2013. There have been a number of critical Security Updates since the latest September 2021 CUs: see KB5007409, KB5007012. For convenience, here are direct links to the Microsoft downloads for the latest [...]
The November 2021 security updates for Exchange Server address vulnerabilities reported by security partners and found through Microsoft’s internal processes. We are aware of limited targeted attacks in the wild using one of vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment. For convenience, [...]
October 2021 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2013 CU23 (Exchange 2013 customers might also need to /prepareschema. Please see this post.) Exchange Server 2016 CU21 and CU22 Exchange Server 2019 CU10 and CU11 For full details refer to this article. Summary of updates: Be sure to visit Messageware Security Products for Microsoft Exchange [...]
Software Release - EPG 3.6.1 The following updates are now available now EPG 3.6.1 customers and trial users. Messageware EPG 2019 v3.6.1 Messageware EPG 2016 v3.6.1 Messageware EPG 2013 v3.6.1 Note: Prior to upgrading from 3.5 or earlier, make note of all entries in IP Filtering menu - Allow Lists tab. These IPs will need [...]
A quick update to keep everyone informed on important Microsoft Exchange security updates: May 11, 2021 – Microsoft Exchange Server vulnerability – this time it is a security feature bypass and is one of the Exchange vulnerabilities that was found during PWN2OWN 2021. Microsoft has rated this as Exploitation Less Likely on the latest software [...]
A quick update to keep everyone informed on important Microsoft Exchange security updates: April 13, 2021 – Microsoft released new and urgent security updates for Exchange server 2019, 2016, 2013 covering four Remote Code vulnerabilities: […]
If Microsoft Exchange Server is your enterprise platform for email, you likely have also deployed Microsoft Exchange Outlook Web to enable employees to access email, calendars and contact information via mobile devices and web browsers. Making Outlook Web (OWA) available reduces IT costs and encourages user productivity, but it also creates additional security risks. Exposing [...]
