Microsoft Exchange and Active Directory Blog
Microsoft has released new security updates for all supported Exchange Servers (2013, 2016, 2019). In particular, Microsoft mentions the vulnerability CVE-2021-42321 (Remote Code Execution) in Exchange 2016 and 2019, which is already being exploited in a limited number of targeted attacks. The number of attacks is likely to increase as the update may now make the vulnerability easier to detect. ... Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 209. These three vulnerabilities are fixed in Exchange Server 2016 and 2019: CVE-2021-41350 CVE-2021-41348 CVE-2021-34453 CVE-2021-41348 is a High severity vulnerability that allows privilege escalation. The following vulnerability is fixed in Exchange 2013: CVE-2021-26427 CVE-2021-26427 is ... Read more
Sometimes the Exchange log and trace files can take up a lot of disk space, which is why I get requests from time to time asking how the logs can be cleaned up. In most cases, the Exchange partition threatens to fill up and in many cases this is also the system partition. Unfortunately, in many cases the system partition, on which Exchange ... Read more
In a previous article, I described where the AMSI log files of the Exchange server can be found. As the logs are stored locally on the Exchange server, the logs are of little use if nobody reads them and attacks are only detected when it is too late. However, the logs can also be easily ... Read more
The ExchangeHealthChecker has been around for some time, but many people still seem to be unaware of this useful script. However, it is worth running the script from time to time to prevent problems. The ExchangeHealthChecker analyzes the Exchange configuration and lists the most common configuration problems. The script therefore makes troubleshooting much easier. For example, the ExchangeHealthChecker lists expired certificates, ... Read more
It's currently in the news again: attackers are trying to exploit Exchange security vulnerabilities. This time, however, the updates have been available for some time. Anyone who has not yet installed the latest security updates should do so as soon as possible. Here is a summary of the available security updates: New security updates for Exchange Server (April 2021) New security updates for Exchange Server ... Read more
With the July 2021 CUs for Exchange Server, Microsoft has introduced AMSI integration as a new feature for Exchange 2016 and 2019. Here is some information about the new feature. What is AMSI? The Windows AntiMalware Scan Interface (AMSI) is an interface with which services and applications can be integrated into anti-malware solutions. ... Read more
After installing the July security updates, it may happen that the Exchange Administrative Center (EAC) and OWA can no longer be opened. The cause is an expired certificate for Exchange Server OAuth authentication. Microsoft also refers to this problem in the release notes of the updates. Unfortunately, the notes on the updates are overlooked ... Read more
A week ago, Microsoft released new security updates for Exchange Server 2013, 2016 and 2019. I'm only reporting on this now because I've been on vacation for the last 14 days. But thanks to the CVE reporter, this shouldn't be a problem :-) The following four vulnerabilities are closed by the updates CVE-2021-31196 CVE-2021-34470 CVE-2021-33768 CVE-2021-31206 Here's ... Read more
The new AMSI integration introduced with CU21 for Exchange 2016 and CU10 for Exchange 2019 in conjunction with various anti-virus scanners causes some serious problems. The Outlook connection sometimes becomes so slow that it is no longer possible to work. Even starting Outlook can take several minutes. Outlook repeatedly fails to respond, ... Read more
