Last Update: May 23, 2022
The quarterly cumulative updates for Exchange Server quietly appeared with little fuss this week. Meanwhile, in cloud land, Office 365 continues the crusade to eradicate distribution lists with new bulk conversions to Office 365 Groups.
Microsoft has announced some major changes to the delivery process for security updates (SUs) and hotfixes (HFs) for Exchange Server. Starting with the May 2022 Security Updates, the company is now releasing some Exchange Server SUs and HFs as self-extracting auto-elevating executables. Previously, Microsoft shipped all security updates as Windows Installer patch (.msp) files to…
Security researchers have revealed a new series of ransomware attacks carried out by the Hive ransomware group to target Microsoft Exchange Servers. Hive is a popular ransomware-as-a-service (RaaS) model that was first discovered in June 2021. The Hive ransomware group targets business networks with several methods and mechanisms, including phishing emails with attachments. It has…
Last Update: Apr 12, 2022
At Microsoft Ignite 2019, the Exchange product group announced the public preview of a set of REST-based PowerShell cmdlets to replace some of the most popular (and in performance terms, most painful) traditional cmdlets. The new cmdlets are more reliable and robust and run 2-4 times faster than the older Remote PowerShell-based cmdlets (your mileage will vary). All good stuff.
Microsoft patches a wormable bug in http.sys in Windows and Windows Server. There are also fixes for three remote code execution vulnerabilities in Exchange Server. And Adobe releases fixes for 26 flaws in Acrobat and Reader. So, let’s get started! Windows and Windows Server This month there are fixes for six zero-days in Windows and…
Microsoft has released an official fix for the “Y2K22” bug that was previously preventing on-premise Exchange servers from sending emails. This issue started at midnight on January 1st, 2022, and it was causing emails to get stuck in transport queues due to a date check failure in the FIP-FS anti-malware scanning engine. The Microsoft Exchange Y2K22…
In this article, I explain how the recently discovered flaw in the Exchange Server Autodiscover protocol can leak user credentials. And how to mitigate the issue in your environment. Microsoft Exchange Server Autodiscover protocol leaks thousands of user credentials Researchers at security company Guardicore have released details of a security issue in the Autodiscover protocol…
The LockFile ransomware group has been actively launching attacks against Microsoft Exchange Servers, exploiting three vulnerabilities that were patched by Microsoft in April and May this year. Known as the Exchange Server ProxyShell vulnerabilities, the LockFile group uses them, in conjunction with the Windows PetitPotam vulnerabilities that were partially patched in the round of updates…
For all you IT Pros continuing to support an on-premises Exchange Server infrastructure (in any configuration), Microsoft has a vital message for you: It is extremely important to keep Exchange up to date. Due to the number of customers that were unprepared to install last month’s (Mar ’21) Emergency security patches, many had to scramble…
Microsoft has a new tool that will make installing a temporary patch much easier to block known HANFIUM attacks.