Want to know about the security benefits of Microsoft's E5 license?

Exchange 2016

Our Sponsors


CVE-2020-0688 Puts Focus on Exchange On-Premises Vulnerabilities

The revelations that Exchange Server has had a vulnerability in the Exchange Control Panel since Exchange 2010 shocked some. Microsoft has patched CVE-2020-0688, but the problem gives on-premises administrators something to think about as they look to the long-term future of their email service. Staying on-premises is an option, but going to the cloud might be more secure.

Mar 12, 2020 | Tony Redmond

Exchange and the Turla LightNeuron Attack

Turla, a Russian cyber-espionage group is reported as being behind an attack on Exchange on-premises servers that uses transport agents to capture and process messages for selected users. It's an attack vector that hasn't been seen before and raises the question of how often administrators should review transport agents active on their servers. The important point is that unless your network is compromised, hackers cannot install transport agents on Exchange servers and this attack is more theoretical than practical.

May 9, 2019 | Tony Redmond

Stick or Stay: Should I Upgrade to Exchange 2019?

Exchange 2019 has been around for six months. It's a good time to consider if on-premises organizations should upgrade or stick with the version of Exchange they run today. Exchange 2019 is a solid release, even if Microsoft's engineering efforts are largely focused on the cloud these days. Of course, moving to Exchange Online is an option too, but perhaps not for the dedicated on-premises deployments.

Mar 14, 2019 | Tony Redmond

Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches

The recent exposure of a privilege elevation vulnerability that exists in the control Exchange has over Active Directory and EWS push notifications is fixed by cumulative updates for Exchange 2013, Exchange 2016, and Exchange 2019 and a roll-up update for Exchange 2010 SP3. These changes mark an architectural modification for Exchange, something that Microsoft is loathe to do outside major releases. Install the updates now!

Feb 12, 2019 | Tony Redmond

Fixing a Multi-Protocol Exchange Server Vulnerability

No fix is available yet for the Exchange vulnerability reported by Dirk-jan Mollema and described in CVE-2018-8581. Apart from deploying a split permissions model, no out-of-the-box mitigation exists today. Microsoft is working actively to fix the problem and in the meantime, the brains of the Exchange community are hard at work to come up with possible solutions.

Jan 29, 2019 | Tony Redmond

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

Thank you to our site sponsors

Our sponsors help us keep our knowledge base free.

Article saved!

Access saved content from your profile page. View Saved