Microsoft Exchange and Active Directory Blog
When configuring mailbox permissions for a group, the following error may occur: The user "testgruppe" was found in Active Directory but isn't valid to use for permissions. Try an SMTP addressinstead. Permissions for groups can only be assigned if it is a security group. For a security group, the values for ... Read more
I have just uploaded a new Exchange Reporter version to GitHub. This is the first Exchange Reporter version which is available on Github. Since I don't have much time to develop the Exchange Reporter anymore, it would be nice if people would participate in the development. Github should now make this much easier than ... Read more
The next Exchange Server version will be released in the third quarter of 2025. This is already known, but a few more details are new. Here is some news: The next Exchange Server version will simply be called Exchange Server SE. SE stands for "Subscription Edition", just like SharePoint SE, the new Exchange Server version will be ... Read more
Yesterday, security updates were released for Exchange Server 2016 and Exchange Server 2019. In connection with Outlook and Exchange Server 2019, there are now increasing reports of problems with the search. Admins are reporting problems on the Exchange Team Blog and in the comments to my post. The search apparently produces the error message ... Read more
Microsoft has released new security updates for Exchange Server 2016 and Exchange Server 2019 today. The security update closes the remote execution vulnerability CVE-2024-26198 with the severity level "Important". The vulnerability is not currently being actively exploited, but Microsoft recommends that the update is installed quickly. Click here to download the security update: After installing the March ... Read more
Under certain circumstances, Microsoft Office 365 and Exchange Server allow access to attachments and images in emails without the need for authentication. In most cases it should be difficult to exploit this problem, but reader L. Herzog writes to me that this problem could be exploited in his environment. L. Herzog has ... Read more
The critical vulnerability CVE-2024-21410 in Exchange Server, which was made public on February 13, 2024, is now being actively exploited. The vulnerability CVE-2024-21410 allows attackers to perform an NTLM relay attack (pass the hash). In this case, attackers can trick a client such as Outlook into logging on to a malicious relay in order to obtain the NTLM credentials. The ... Read more
Microsoft released CU 14 for Exchange Server 2019 yesterday. CU 14 brings these new features: Support for TLS 1.3 was also planned, but this did not make it into CU 14. CU 14 can be downloaded here: As already mentioned, CU 14 activates the Extended ... Read more
Today, mainstream support for Exchange Server 2019 has expired, so both Exchange Server versions that are still supported are now in extended support, which ends on October 14, 2025. While Exchange 2016 will only receive security updates, Exchange 2019 will receive two more CUs. The CU14 for Exchange 2019 will be released soon and CU15 will also be ... Read more
Microsoft has announced that Exchange 2019 CU14 will not be released this year. The CU14 has been postponed to January 2024. Just last year, the publication of Exchange CUs was changed so that only 2 CUs were to be published per year. The plan was to publish one CU in March and another in September. How ... Read more
