The first half of 2021 has been a very challenging period for everyone with Microsoft Exchange Servers. Numerous zero-day attacks and hackers adjusting published code to work-around emergency patches stretched messaging team resources to the limit.
Of interest during this period was the increased recognition that we want to know more about what is affecting our servers. And, of course, we want to have more automated protection whenever possible.
While some zero-day attacks are architecturally within Microsoft’s core software making them difficult to avoid, other attacks may be detected and mitigated. Through additional analytics, alerting, and controls, many Exchange Services and Exchange APIs can be hardened – such as Exchange services like Autodiscover, Offline Address Book (OAB), MAPI for Outlook, REST for Teams, EWS for clients and servers, OWA and ECP.
We will undoubtedly see more attacks probing Exchange Server and Exchange Services, both online and on-premises, which will continue to test infrastructures. Hardening infrastructure through analytics and automated controls will be critical to our IT Staff’s ability to ensure business operations continue unhindered.
Guarding Exchange Server and Exchange Services
Some time ago, Messageware recognized that guarding Outlook Web (OWA) was not enough. That is why we took the OWA Guard components and created Exchange Protocol Guard (EPG). With EPG, both Exchange Server and Exchange Services are monitored and controlled. For the first time, Exchange Admins can easily see connections from multiple services and can have automated handling for unusual activity against those services.
If you would like to see a live EPG web demo or have a short discussion on Exchange Security, schedule a 15 -minute timeslot with Gregg, our enterprise security account manager:
News: Exchange Server Guard (EPG)
With our June 2021 release, EPG receives several new features, including Daily and Weekly digests automatically emailed to the security team with a summary of all suspicious activity against the Exchange Server’s services.News: OWA Now Integrated with Windows Edge for Firstline Workers
The new versions of ActiveSend and OWA Desktop are fully integrated with Microsoft Edge for Microsoft 365 and Exchange Server. Giving users a much faster, seamless, and Outlook-like experience with OWA as their default mail client.
News: Microsoft CU’s for Exchange 2019,16,13,10 Servers
Quarterly Microsoft CUs (cumulative updates) and March security updates have been released for Exchange 2019, 2016, 2013, and 2010. As always, we have included the links below to the Microsoft Updates and matching Messageware releases.
Mark Rotman
President and CEO
Messageware Incorporated
Latest Cumulative Updates and Rollups
Microsoft Exchange Server 2019 CU10:
The Exchange team has announced the availability of the most recent quarterly servicing update to Exchange Server 2019. Cumulative Update 10 includes fixes for customer-reported issues, minor product enhancements, and previously released security bulletins. A complete list of issues resolved in Exchange Server 2019 Cumulative Update 10 can be found in Knowledge Base Article KB5003612.
Microsoft Exchange Server 2016 CU21:
The Exchange team has also announced the availability of Cumulative Update 20 for Exchange Server 2016. CU21 includes fixes for customer-reported issues, minor product enhancements, and previously released security bulletins. A complete list of issues resolved in Exchange Server 2016 Cumulative Update 21 can be found in Knowledge Base Article KB5003611.
Microsoft Exchange Server 2013 CU23:
Cumulative Update 23 for Exchange Server 2013: CU23 includes fixes for customer-reported issues, minor product enhancements, and previously released security bulletins. A complete list of issues resolved in Exchange Server 2013 Cumulative Update 23 can be found in Knowledge Base Article KB4489622.
Microsoft Exchange Server 2010 SP3 RU32:
Release Update 32 for Exchange Server 2010 SP3: A complete list of issues resolved in Exchange Server 2010 Security Update can be found in Release Update 31 – Knowledge Base Article KB45000978.