Microsoft Exchange and Active Directory Blog
The Outlook vulnerability CVE-2023-23397 is currently being actively exploited. This is particularly critical as exploitation is possible without user interaction. By exploiting the vulnerability, attackers can obtain NTLM hashes of the user and possibly use them for subsequent attacks. To exploit the vulnerability, it is sufficient to send a prepared e-mail or a calendar invitation to the user ... Read more
Two Outlook Autodiscover settings, which are active in the default setting, often cause problems when setting up Outlook accounts. In the default setting, Outlook always tries to retrieve Autodiscover settings from Microsoft 365, which often leads to problems with on-prem Exchange servers. Outlook also tries to retrieve the Autodiscover settings from the root domain ... Read more
Who isn't familiar with the evil "Reply all" function in Outlook? An important piece of information is quickly sent to the whole company, and then there's a flood of replies because the recipients use the "reply all" function: Depending on the size of the organization, such a flood of emails can generate a few million emails and thus ... Read more
On March 17, 2018, I drew attention to an idea by Jeff Guillet. The idea is about saving email signatures as part of the Exchange mailbox so that a uniform signature is possible on all devices. Up to now, the Outlook e-mail signature has been saved in the user profile of the respective client. The idea of ... Read more
I have now received a lot of questions about Outlook on Windows 7 in conjunction with Exchange 2019. The error and solution have always been the same, so here is a short article about it. Outlook (regardless of the version) on Windows 7 cannot connect to Exchange Server 2019. Outlook then displays this message at startup ... Read more
This short article is intended to list the most common causes of problems with the Outlook connection to Exchange during migration. Connection problems often occur after a mailbox has been moved to a newer Exchange version. Outlook then often displays one of the following messages: The Microsoft Exchange administrator has made a change that requires Outlook to be restarted. ... Read more
The following problem has been around for a very long time: users should use standardized signatures for emails, preferably across all devices and clients. Until now, this has required additional software to create and manage signatures. Exchange Server itself only offers the option of centrally managing signatures for OWA. For Outlook and ... Read more
Updates have been released for Outlook 2013 and Outlook 2016 to close two critical security vulnerabilities. With both vulnerabilities, it is possible to execute malicious code on the computer. With one of the vulnerabilities, it is sufficient to receive an email with a malicious attachment. The attachment does not even have to be opened. The corresponding CVEs can be found here: CVE-2018-0852 | ... Read more
The following behavior is currently occurring more frequently with Outlook 2016 and Exchange Server 2016 CU7. Outlook asks for the login information after opening attachments or the password prompt appears. I was able to reproduce this behavior in my environment with Outlook 2016 (Version 1708 Build 8431.2079) and Exchange 2016 CU7. As soon as the attachment of an email in ... Read more
Unfortunately, Exchange still does not offer a convenient way to send e-mails to other e-mail addresses. If users should be able to send mails with different e-mail addresses, additional mailboxes can be created and linked to the user. Recently, however, I received a question as to how a user can still send e-mails under several e-mail ... Read more
