Microsoft has issued an advisory about two new zero-day vulnerabilities affecting Exchange Server. The critical flaws, which were discovered by the Vietnamese cybersecurity company GTSC last month, impact on-premises installations of Microsoft Exchange Server 2013, 2016, and 2019. Microsoft’s Security Response Center (MSRC) detailed that the two vulnerabilities are tracked as CVE-2022-41040 and CVE-2022-41082. The…
Microsoft has published a security advisory about a new wave of malware attacks that target Exchange Servers. The company has warned IT admins that threat actors are increasingly using malicious Internet Information Services (IIS) modules to install backdoors and steal credentials. For those unfamiliar, Internet Information Services (IIS) is a web server that lets developers…
Security vendor Kaspersky has warned about a new malware that allows attackers to backdoor Microsoft Exchange servers. Dubbed SessionManager, the malicious tool has been used for the past 15 months to target NGOs, government agencies, military as well as industrial organizations across Europe, South America, Asia, and Africa. As reported by the Kaspersky researchers, the…
Microsoft has teamed up with Apple to improve the security of Exchange Online accounts on iOS and macOS devices. In upcoming iOS and macOS updates, users who connected a Microsoft Exchange mailbox in Apple’s Mail app with Basic authentication will be automatically migrated to the more secure OAuth 2.0-based Modern authentication. Apple introduced support for…
Microsoft has delayed its plans to release the next version of on-premises Exchange Server in the second half of 2021. The software giant has announced that the new subscription-based version of Exchange Server will launch in 2025. In a blog post published yesterday, Microsoft explained that the alarming surge in state-sponsored cyber-attacks against insecure on-premises…
Microsoft has announced some major changes to the delivery process for security updates (SUs) and hotfixes (HFs) for Exchange Server. Starting with the May 2022 Security Updates, the company is now releasing some Exchange Server SUs and HFs as self-extracting auto-elevating executables. Previously, Microsoft shipped all security updates as Windows Installer patch (.msp) files to…
Microsoft is getting ready to drop support for Basic Authentication in its Exchange Online e-mail service. The company is reminding customers that it will begin to permanently disable this feature for select protocols in its multi-tenant service worldwide starting October 1, 2022. Essentially, Basic Authentication means that an application provides a user name and password…
This week in IT, Windows Autopatch could kill off Patch Tuesday for some enterprises, but not all might be what it seems. Remote Help is now generally available, and yes, it’s expensive. Windows 10 November 2021 is ready for broad deployment. Microsoft is planning to disable SMB v1 in an upcoming Windows 11 release. Exchange…
Security researchers have revealed a new series of ransomware attacks carried out by the Hive ransomware group to target Microsoft Exchange Servers. Hive is a popular ransomware-as-a-service (RaaS) model that was first discovered in June 2021. The Hive ransomware group targets business networks with several methods and mechanisms, including phishing emails with attachments. It has…
Microsoft has announced that the Exchange Server cumulative updates (CUs) are switching to a biannual release schedule. The company currently releases CUs quarterly, but this slower release cycle will allow organizations to keep their Exchange servers up-to-date more easily. “We are moving to a release cadence of two CUs per year – releasing in H1…