close

Exchange 2013

Our Sponsors

latest

Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches

The recent exposure of a privilege elevation vulnerability that exists in the control Exchange has over Active Directory and EWS push notifications is fixed by cumulative updates for Exchange 2013, Exchange 2016, and Exchange 2019 and a roll-up update for Exchange 2010 SP3. These changes mark an architectural modification for Exchange, something that Microsoft is loathe to do outside major releases. Install the updates now!

Feb 12, 2019|Tony Redmond

Fixing a Multi-Protocol Exchange Server Vulnerability

No fix is available yet for the Exchange vulnerability reported by Dirk-jan Mollema and described in CVE-2018-8581. Apart from deploying a split permissions model, no out-of-the-box mitigation exists today. Microsoft is working actively to fix the problem and in the meantime, the brains of the Exchange community are hard at work to come up with possible solutions.

Jan 29, 2019|Tony Redmond

All Versions of On-Premises Exchange Server Vulnerable to New Attack

A newly-discovered vulnerability in Exchange potentially allows attackers to gain control over Active Directory. Since Exchange 2000, Exchange has been a highly-privileged server that's tightly connected to Active Directory. Add in some NTLM weakness, Exchange Web Services push notifications, and everything comes together for the bad guys.

Jan 25, 2019|Tony Redmond

Microsoft Migrates Exchange Public Folders to Office 365 Groups

Microsoft has new tools to migrate public folders (the "cockroaches of Exchange") to Office 365 Groups. Sounds good. The good news is that the tools work, even if they need a lot of manual oversight. ISVs offer tools to do the same job with more automation. The choice is yours!

Sep 5, 2017|Tony Redmond

Games Vendors Play with Exchange Hardware Configurations

Hardware vendors publish their solutions for Exchange through the Microsoft ESRP. The only thing is that some of the solutions are illogical and unworkable. In fact, some solutions are simply ridiculous. Sure, you could implement them - but at what cost and what level of reliability. But the solutions get your attention and that's their purpose.

Aug 31, 2017|Tony Redmond

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

Thank you to our petri.com site sponsors

Our sponsors help us keep our knowledge base free.

Article saved!

Access saved content from your profile page. View Saved