Its December & Good news is everywhere – the Holiday season is here, Microsoft just patched all versions of Exchange Servers, Vaccines are approved, and Messageware has officially released Exchange Protocol Guard 3.4, EPG!
EPG 3.4 Security for Exchange Servers:
This release includes our newest protection: LVA. LVA or Low-Volume Attacks are targeted persistent attacks that evade traditional detection by attacking below Active Directory lockout thresholds. In these attacks login attempts occur at substantially reduced rates, methodically targeting key accounts over long periods of time. Whether the attacks are against programmatic Exchange Server services left unprotected by 2FA, or against common form-based login pages like OWA and ECP, our new EPG version see’s them all! And, EPG 3.4 adds protection and monitoring of 25% more services – adding protocol protection for REST – Microsoft Teams and OAB – Offline Address Books. EPG now secures a total of 9 Exchange Server services and protocols.
Edge Browser News for OWA:
Microsoft is releasing an Edge Browser toolkit, and in January 2021 we plan to release new versions of our software that makes Outlook Web more like Outlook. Leveraging the new Edge engine we will provide a fast, fully integrated experience for Outlook Web with Edge. What this really means is that Outlook Web Firstline Workers on Microsoft 365 and on Exchange Server will be able to enjoy that Outlook-like experience with OWA! In case you missed them, I’ve included links to two short demo videos.
Exchange Server Updates and Critical Patches:
In the news this month, Microsoft announced the availability of Cumulative Updates for Exchange Server 2019 and 2016, as well as security updates and patches for all Exchange versions 2019 through 2010 — we have included links below.
In closing, I’d like to wish you Happy Holiday and a Healthy 2021. The past year has shown us how incredibly important that is.
Mark Rotman
President and CEO
Messageware Incorporated
Latest Cumulative Updates and Rollups
December CU – Cumulative Updates (includes the SUs)
Microsoft Exchange Server 2019 CU8:
The Exchange team has announced the availability of the most recent quarterly servicing update to Exchange Server 2019. Cumulative Update 8 includes fixes for customer reported issues, minor product enhancements, and previously released security bulletins. This Knowledge Base Article contains a complete list of issues resolved in Exchange Server 2019 Cumulative Update 8.
Microsoft Exchange Server 2016 CU19:
The Exchange team has also announced the availability of Cumulative Update 19 for Exchange Server
2016. CU19 includes fixes for customer reported issues, minor product enhancements, and previously
released security bulletins. A complete list of issues resolved in Exchange Server 2016 Cumulative Update 19 can be found in Knowledge Base Article KB4588884.
December SU – Security Updates
Patches are for these specific CU releases:
Microsoft Exchange Server 2019 CU6 SU4:
The Exchange team has also announced a Security Update (SU4) for Exchange Server 2019 CU6. SU4 fixes a remote code execution vulnerability that exists in Microsoft Exchange software when the software fails to properly handle objects in memory. More information can be found in Knowledge Base Article KB 4593465.
Microsoft Exchange Server 2019 CU7 SU3:
The Exchange team has also announced a Security Update (SU3) for Exchange Server 2019 CU7. SU3 fixes a remote code execution vulnerability that exists in Microsoft Exchange software when the software fails to properly handle objects in memory. More information can be found in Knowledge Base Article KB 4593465.
Microsoft Exchange Server 2016 CU17 SU4:
The Exchange team has also announced a Security Update (SU4) for Exchange Server 2016 CU17. SU4 fixes a remote code execution vulnerability that exists in Microsoft Exchange software when the software fails to properly handle objects in memory. More information can be found in Knowledge Base Article KB 4593465.
Microsoft Exchange Server 2016 CU18 SU3:
The Exchange team has also announced a Security Update (SU3) for Exchange Server 2016 CU18. SU3 fixes a remote code execution vulnerability that exists in Microsoft Exchange software when the software fails to properly handle objects in memory. More information can be found in Knowledge Base Article KB 4593465.
Microsoft Exchange Server 2013 CU23 SU6:
The Exchange team has also announced a Security Update (SU6) for Exchange Server 2013 CU23. SU6 fixes a remote code execution vulnerability that exists in Microsoft Exchange software when the software fails to properly handle objects in memory. More information can be found in Knowledge Base Article KB 4593466.
The Exchange team announced the availability of Release Update 31 for Exchange Server 2010 SP3. A complete list of issues resolved in Exchange Server 2010 Security Update can be found in Release Update 31 – Knowledge Base Article KB 4593467.