Exchange 2019

New attacks on outdated Exchange servers (ProxyNotShell, OWASSRF)

by

Attacks on outdated Exchange servers are currently underway again. Specifically, the ProxyNotShell vulnerability, which became known in October of this year, is being exploited again. The new attack method has been christened OWASSRF. The IIS rewrite rules published by Microsoft are bypassed in this new attack method. The only thing that helps at the moment is to install the available security updates from November: On the ... Read more

Exchange Server: Send report on mailbox size to users

by

Viele Admins kennen das Problem, es wurden Größenbeschränkungen für Postfächer konfiguriert und immer mal wieder gibt es Meldungen über volle Postfächer von Benutzern. Als Admin hat man hier eigentlich nur zwei Möglichkeiten, entweder man erweitertet die Postfachgröße für den Benutzer, oder man sagt dem Benutzer dass er aufräumen und alte Mails löschen soll. Die erste … Read more

Exchange 2019: Configure size limit for emails

by

A size limit for emails can be configured at various points on an Exchange server. The limits can be configured very granularly, for example at mailbox or protocol level. This article lists the options available. This article also applies to Exchange 2016. TransportConfig: Global size limit The global limits for emails are configured in TransportConfig. Read more

New security updates for Exchange Server (November 2022)

by

On Tuesday, Microsoft released new security updates for Exchange Server 2013, 2016 and 2019. The update closes the ProxyNotShell vulnerability (CVE-2022-41040 and CVE-2022-41082), which was known and actively exploited in September. Click here to download the security updates: Microsoft recommends installing the update as soon as possible. Click here for the article on the Exchange ... Read more

Outlook: Deactivate Autodiscover for Office 365

by

Two Outlook Autodiscover settings, which are active in the default setting, often cause problems when setting up Outlook accounts. In the default setting, Outlook always tries to retrieve Autodiscover settings from Microsoft 365, which often leads to problems with on-prem Exchange servers. Outlook also tries to retrieve the Autodiscover settings from the root domain ... Read more

Exchange Server: AutoMapping without full access to the mailbox

by

AutoMapping is a very practical feature in Exchange Server, but unfortunately it is somewhat limited: AutoMapping only automatically connects a mailbox in Outlook if the user has full access to the mailbox. As soon as granular permissions are configured at mailbox level, AutoMapping no longer takes effect. In this case, the user must manually reconnect the mailbox with the granular rights. ... Read more

Exchange 2019: Create resource mailboxes with PowerShell

by

Unfortunately, Exchange 2019 only offers a few settings for resource mailboxes (room and device mailboxes) in the Exchange Administrative Center. Many settings for booking permissions or calendar settings can only be managed via the Exchange Management Shell. Create resource mailboxes with the Exchange Management Shell With small PowerShell scripts, resource mailboxes can be created quickly and always according to the same scheme. Here ... Read more

Exchange Reporter: New version 3.11 available

by

I have just uploaded the new version 3.11 of the Exchange Reporter. The new version contains the module "ExchangeMitigations", which shows the status of the Exchange Emergency Mitigation Service and the applied rules. Here is an example report of the new module: Various bugs have also been fixed, the module "Healthchecker", which executes the Exchange Health Checker Script and displays in ... Read more

Exchange Server: New security updates (October 2022)

by

Microsoft has released new security updates for all supported Exchange Server versions today. Microsoft explicitly points out that the updates do not contain a fix for the zero-day vulnerabilities (ProxyNotShell). The following vulnerabilities are fixed by the security update, three of the vulnerabilities are considered critical: CVE-2022-21979 CVE-2022-21980 CVE-2022-24477 CVE-2022-24516 CVE-2022-30134 The updates can be downloaded here: Exchange Server ... Read more

ProxyNotShell: Workaround can be easily bypassed

by

The Exchange Mitigation EM1, which was published by Microsoft at the weekend, does not adequately seal the Exchange zero-day vulnerability ProxyNotShell (CVE-2022-41040) and can be easily bypassed. The problem is an "@" character in the Reg-Ex pattern, which makes the rule too precise. The Reg-Ex can thus be bypassed by making slight adjustments. This means that the rule is no longer ... Read more