Microsoft Exchange Server is a widely used enterprise email, calendaring, and collaboration platform developed by Microsoft, designed to help organizations manage email, contacts, calendars, and tasks efficiently while supporting secure communication and integration with other Microsoft services. Due to its critical role in business operations and the sensitive information it handles, Exchange Server is a frequent [...]
Microsoft kicks off 2024 with a uneventful Patch Tuesday, maintaining the trend from December by not releasing any patches for Exchange Server 2019. Exchange Server 2019: CU14 Delayed to Jan 2024 There are still two more CUs for Exchange Server 2019: CU14 and CU15. CU14 is in its final stages of testing and validation and will be [...]
It’s mid-December and there is lots of good news heading into the end of 2023.Microsoft is not releasing any December Exchange Server CUs or SUs, a welcome break for those with vacations scheduled!We are officially launching our new security product, “Z-Day Guard for Exchange Servers”.It’s simple to install, easy to use, and extremely powerful, giving [...]
Microsoft's Shift in Servicing Cadence In a move that reflects a commitment to both innovation and stability, Microsoft announced last year a change in its servicing model for Exchange Server. This strategic shift saw the company adopt a twice-yearly release schedule for Cumulative Updates (CUs), targeting the first and second halves of each calendar year. [...]
The Microsoft July 2023 Patch Tuesday update (released July 11) does not include any changes for Exchange Server security. It does address 132 CVEs, nine of which were labelled as "critical." Most notably, this update also fixes six zero-day vulnerabilities that were actively exploited in the wild, as well as thirty-seven remote code execution (RCE) [...]
Microsoft released security updates for Exchange Server on June 14, 2023. While no active threats are currently known to be exploiting these vulnerabilities, IT admins should prioritize patching them as soon as possible. One of the most critical vulnerabilities is a bypass of fixes for two Exchange Server remote code execution bugs. This vulnerability exists [...]
The recent disruption to Microsoft 365 services resulted in users being unable to access their apps for the sixth time this year. Users had reported difficulties in accessing their Outlook mailboxes, and connection attempts to Microsoft 365 servers were unsuccessful. The company acknowledged these issues in a notification, stating, "User reports indicate that the disruption [...]
Microsoft has recently announced its intention to make Edge the default browser for opening web links from the Outlook application. According to the article, this update will affect users of Microsoft 365 services, meaning that any links clicked within the Outlook for Windows app will automatically open in Edge. The originating email with the link [...]
Microsoft 365 has experienced another outage, which is impacting search features in several services. Microsoft experienced another outage that impacted the search functionality of various Microsoft 365 services, including Outlook on the web, Exchange Online, SharePoint Online, Microsoft Teams, and Outlook desktop clients. The company acknowledged the problem on April 24th and stated that it [...]
The New York Attorney General has accepted a settlement of $200,000 from a New York-based medical malpractice law firm in response to their inadequate data security practices that resulted in more than one-hundred thousand hospital patient's details been exposed. According to Letitia James, the Attorney General of New York, HPMB's "poor data security measures" were [...]
Microsoft has released patches to fix numerous vulnerabilities in the February 2023 Patch Tuesday release including remote code execution in Exchange Server. Official announcement can be found here. Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 To learn more about these vulnerabilities, see the following [...]
Microsoft’s 365 Defender Research Team recently investigated an attack in which malicious OAuth applications were deployed on compromised cloud tenants. Initial Access The attacker first needed to compromise a cloud user’s account that had sufficient permissions in order to create a malicious OAuth application. The threat actor did this by launching credential-stuffing attacks against high-risk [...]
Microsoft has released security updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to [...]
Microsoft has released security updates (SUs) for vulnerabilities found in Exchange Server 2013, Exchange Server 2016, Exchange Server 2019.
Stealthy, “highly sophisticated” post-exploitation framework used for data exfiltration likely the work of a state-sponsored threat actor. In late 2021, security researchers on CrowdStrike’s Falcon OverWatch team first detected a modular exploit targeting Microsoft Exchange Servers. Dubbed IceApple, the .NET-based framework has been observed in “distinct locations” and primarily directed toward entities in government, academic [...]
You can use the information in this article to verify the version of Exchange that is running in your organization. This article is organized into sections by Exchange version (2010, 2013, 2016, 2019). Microsoft's monthly “Patch Tuesday” releases are listed below, with their corresponding build numbers and release dates for each Service Pack (SP), Cumulative [...]
On April 20, 2022 Microsoft released new Cumulative Updates: Exchange 2016 CU23 and Exchange 2019 CU12. The previous Cumulative Updates were released on September 28, 2021, more than 6 months ago.
The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately. These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange [...]
January 2022 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2019 Cumulative Update 11 Security Update 3 (KB5008631) Exchange Server 2019 Cumulative Update 10 Security Update 4 (KB5008631) Exchange Server 2016 Cumulative Update 22 Security Update 3 (KB5008631) Exchange Server 2016 Cumulative Update 21 Security Update 4 (KB5008631) Exchange [...]
Microsoft announces there is no major CU release for December 2021. Microsoft typically releases Cumulative Updates quarterly for Exchange Server 2019, 2016, and 2013. There have been a number of critical Security Updates since the latest September 2021 CUs: see KB5007409, KB5007012. For convenience, here are direct links to the Microsoft downloads for the latest [...]
