Microsoft Exchange and Active Directory Blog
The CERT-Bund warns on X of more than 15,000 Exchange servers in Germany that are openly accessible from the Internet with at least one vulnerability. Some of the vulnerabilities are already being actively exploited. In March 2024, the BSI had already warned of 17,000 Exchange servers that are openly accessible from the Internet and contain known vulnerabilities. The ... Read more
Microsoft has recently officially supported HSTS (HTTP Strict Transport Security). However, HSTS is not activated by default and must therefore be activated by the user. But first a few words about HSTS and how it works. What is HSTS and how does it work? HTTP Strict Transport Security (HSTS) is a guideline ... Read more
Support for Exchange Server 2013 will end on April 11, 2023, after 10 years. This means that Exchange 2013 will no longer receive any security updates, making the continued operation of Exchange 2013 highly risky. If there are still Exchange 2013 servers in the company, they should be provided with the latest security updates and upgraded to newer Exchange versions as quickly as possible. Read more
In order to continue to guarantee the security of Exchange Online, Microsoft is gradually starting to block old Exchange Server versions. The new system, which is now being introduced gradually, is called the "Transport-based Enforcement System" and has three functions: Reporting, throttling and blocking. In the first stage, administrators are informed that old Exchange Server versions are present in the company. Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. This is likely to be the last security update for Exchange 2013, as support for Exchange 2013 ends on 11.04.2023. The March update for Exchange also fixes the problem with the crashing EWS Web Application Pool in IIS. Applications that use EWS should therefore ... Read more
Microsoft has updated the recommendations for exclusions for virus scanners on Exchange Server: Specifically, contrary to the original recommendation, these directories and processes should no longer be excluded from the virus scanner: Existing exclusions for virus scanners should therefore be adjusted. The script from Paul Cunningham, which creates a list of all exclusions, is suitable for new Exchange installations: Unfortunately, ... Read more
The "Windows Extended Protection" security feature was introduced with a security update in August 2022 for Exchange Server 2013, 2016 and 2019 and protects against man in the middle (MitM) attacks. In small organizations where there is only a single Exchange Server, without load balancers and web application firewalls, Windows Extended Protection can be activated quite easily. In ... Read more
Microsoft has released new security updates for Exchange 2013, 2016 and 2019. A total of 4 vulnerabilities classified as important have been fixed. Details on the closed vulnerabilities can be found here: As you can see, all 4 vulnerabilities are Remote Code Execution vulnerabilities, so the updates should be installed as soon as possible. Here it goes ... Read more
In the last part of the Exchange 2013 to Exchange 2019 migration, the environment is cleaned up and Exchange 2013 is uninstalled. The first two articles can be found here The mailboxes and public folders have already been moved to part 2. Only a few simple steps are required to uninstall Exchange 2013 and complete the migration: Send connector ... Read more
This is the second part of the Exchange 2013 to Exchange 2019 migration. The first part can be found here: Now that the Exchange 2019 server has been configured in the first part, the actual migration can begin. Converting DNS entries Before starting the migration of data such as public folders and mailboxes, the DNS ... Read more
