No fix is available yet for the Exchange vulnerability reported by Dirk-jan Mollema and described in CVE-2018-8581. Apart from deploying a split permissions model, no out-of-the-box mitigation exists today. Microsoft is working actively to fix the problem and in the meantime, the brains of the Exchange community are hard at work to come up with possible solutions.
A newly-discovered vulnerability in Exchange potentially allows attackers to gain control over Active Directory. Since Exchange 2000, Exchange has been a highly-privileged server that’s tightly connected to Active Directory. Add in some NTLM weakness, Exchange Web Services push notifications, and everything comes together for the bad guys.
Companies that move to Office 365 have to decide what mobile email client to use. A native client that uses Exchange ActiveSync (EAS) or Outlook? In the past, the best choice was probably something like the iOS mail app. Now, Outlook is the focus of Microsoft’s mobile efforts and it’s where all the new functionality appears. EAS is still valuable, just less so than it was before.
Apple released iOS 11 and found that the mail app cannot connect to Exchange Online or Exchange 2016. It’s all to do with HTTP2 connections. Apple tries to connect via ActiveSync but doesn’t do so the way that Exchange likes, or something like that. In any case, maybe now’s the time to consider Outlook for iOS.
Microsoft has new tools to migrate public folders (the “cockroaches of Exchange”) to Office 365 Groups. Sounds good. The good news is that the tools work, even if they need a lot of manual oversight. ISVs offer tools to do the same job with more automation. The choice is yours!
Hardware vendors publish their solutions for Exchange through the Microsoft ESRP. The only thing is that some of the solutions are illogical and unworkable. In fact, some solutions are simply ridiculous. Sure, you could implement them – but at what cost and what level of reliability. But the solutions get your attention and that’s their purpose.
Surprisingly, Microsoft has never included a central method to manage user autosignatures within the cloud or on-premises versions of Exchange. Which means that you must let users manage their signatures, build your own tools, or deploy a commercial solution.
Microsoft now supports the migration of modern public folders to Exchange Online. ISV solutions allow you to migrate public folders to other places, like Office 365 Groups and shared mailboxes, which seems like a lot more interesting.
Microsoft is obviously putting a lot of effort into improving the functionality available in the OWA and Outlook clients, but only for Office 365 users. It’s now got to the point where on-premises customers must be wondering where their next update will arrive. The answer may be “Never”.
Microsoft has fixed the IIS crash that caused problems for Windows 2016 DAG members in Exchange 2016 CU4. Exchange 2013 also gets its quarterly overhaul of fixes in CU15.