Microsoft has issued an important alert for organizations that send or receive email through Exchange Online over SMTP. If the systems involved do not trust the DigiCert Global Root G2 root certificate and its subordinate certificate authorities, secure mail flow can fail once older trust paths are no longer accepted. This matters because Exchange Online [...]

Server Threat Guard (STG) is a real-time security and health monitoring solution for Windows servers. It detects threats, tracks server health, and gives administrators the visibility they need to act before problems escalate. While the prior release focused on expanding vulnerability detection, v2.7 is centered on making that intelligence easier to see and act on [...]

Microsoft has confirmed that no security patches will be released for any version of Exchange Server in March 2026, including Exchange Server Subscription Edition (SE) and the Extended Security Update (ESU) versions of Exchange 2016 and 2019.​ Understanding the Extended Security Update Program Organizations running Exchange 2016 and 2019 after their October 14, 2025 end-of-support [...]

Microsoft has released its February 2026 security updates for Exchange Server, addressing a critical elevation of privilege vulnerability that affects multiple versions of the platform. The updates are available for Exchange Server Subscription Edition (SE) as well as legacy versions through the Extended Security Updates (ESU) program. Affected Exchange Server Versions The February 2026 security [...]

We're pleased to announce the release of Server Threat Guard (STG) Version 2.6. This update continues to expand STG's capabilities as a unified solution that combines advanced server security with comprehensive health monitoring for Windows Servers across all platforms including on-premises, Azure, AWS, and others. What's New in v2.6 STG v2.6 introduces silent installation for [...]

Microsoft 365 users learned a harsh lesson in January, cloud infrastructure isn't as reliable as promised. The month saw four major outages that disrupted businesses worldwide, with the most severe occurring on January 22 when critical services remained inaccessible for over nine hours. These repeated failures exposed fundamental weaknesses in cloud architecture and raised serious [...]

Live Probing Data Targeting Windows and Exchange Servers Last month, we blocked over 1300 malicious / unauthorized connections attempts from 13 countries targeting our infrastructure. Our systems detected this significant spike in internet probing activity targeting our Windows servers. Thanks to our real-time threat intelligence feeds, these connection attempts were identified immediately and blocked before [...]

Microsoft has confirmed that no security patches will be released for any version of Exchange Server in January 2026, including Exchange Server Subscription Edition (SE) and the Extended Security Update (ESU) versions of Exchange 2016 and 2019.​ Understanding the Extended Security Update Program Organizations running Exchange 2016 and 2019 after their October 14, 2025 end-of-support [...]

Smart and effective server security that combines real-time threat detection with health monitoring to identify real risks and changes in system reliability. TORONTO - Jan. 14, 2026 - PRLog -- Messageware Incorporated today announced the release of Server Threat Guard (STG) Version 2.5 for 2026. This latest release significantly expands STG's capabilities, evolving beyond traditional intrusion detection to deliver a unified [...]

Microsoft has issued crucial security updates for Exchange Server, addressing multiple vulnerabilities across Exchange Server Subscription Edition (SE), Exchange Server 2019, and Exchange Server 2016. The December 2025 security updates patch several critical flaws, including CVE-2025-64666, an elevation of privilege vulnerability, and CVE-2025-64667, a spoofing vulnerability. SUs are available for the following specific versions of [...]

In this article, we'll explore high volume logon attacks (HVAs) against on-premise Microsoft Exchange servers including the ongoing detrimental effects on the organization being attacked. Active Directory (AD) environments are particularly susceptible because a single compromised account can trigger widespread network infiltration. As a result, password attacks can lead to severe consequences, including data breaches, [...]

Organizations running Exchange Server SE always utilize firewalls to help protect the environment. These range from very expensive comprehensive systems with many features to firewalls with very basic security controls. I’m always surprised by the very diverse deployments across the many customer systems we encounter.  Why Traditional Firewalls and Geo-Blocking Fall Short Some firewalls offer [...]

For years, users of the open-source email client Thunderbird have faced a common hurdle in corporate environments: Microsoft Exchange. While Thunderbird has always been a robust alternative to Outlook, connecting it to Exchange servers often required paid third-party add-ons (like Owl or ExQuilla) or relying on sometimes-fickle IMAP/POP configurations. With the release of Thunderbird 145, that [...]

The threat outlook for on-premises Exchange Server SE security has shifted from "constant monitoring" to "imminent threat." In a new joint advisory, the NSA, CISA, the FBI, and international partners (ASD's ACSC and CCCS) have issued a stark warning: nation-state actors and cybercriminals continuously target Exchange environments. With the release of this guidance, it is [...]

This month, Microsoft has announced that no security updates are being released for any version of Exchange Server in November 2025. This includes all customers using Exchange Server SE as well as those with Extended Security Updates (ESU) for Exchange Server 2019 and 2016. Microsoft reminds customers that although mainstream support for Exchange 2016 and 2019 has [...]

CISA and NSA have released urgent security guidance for organizations running Microsoft Exchange Server, warning that on-premises instances face imminent threats from nation-state attackers and cybercriminals. The joint advisory, developed with Australia's Cyber Security Centre and Canada's Cyber Centre, addresses persistent exploitation attempts targeting both Exchange servers and Windows Server Update Services (WSUS) infrastructure.​ Growing [...]

Microsoft has officially announced the end of support for Office Online Server, effective December 31, 2026. This decision affects organizations that rely on on-premises browser-based document editing and viewing capabilities, pushing them toward Microsoft 365 or alternative solutions as they plan their migration strategies.​ What is Office Online Server Office Online Server was designed to provide [...]

Cybersecurity researchers have uncovered a widespread attack campaign exploiting Microsoft 365 Exchange Online's Direct Send feature, allowing threat actors to spoof internal users and deliver phishing emails without compromising a single account. Cisco Talos, Varonis Threat Labs, and multiple email security vendors report that over 70 organizations across various industries have been targeted since May [...]

Microsoft has released critical security updates for Exchange Server, marking a significant milestone as these represent the final publicly available updates for Exchange Server 2016 and 2019. The October 2025 Security Updates (SUs) address multiple vulnerabilities across Exchange Server Subscription Edition (SE), Exchange Server 2019, and Exchange Server 2016.​ Affected Versions and Availability The October [...]

Suspected Chinese hackers have infiltrated the Microsoft Exchange email servers of foreign ministries across Africa, the Middle East, and Asia in a sophisticated, multi-year espionage operation. Researchers at Palo Alto Networks' Unit 42 threat intelligence division revealed the discovery of Phantom Taurus, a previously undocumented nation-state actor conducting intelligence collection operations aligned with People's Republic [...]