Microsoft Exchange and Active Directory Blog
I have just completed the CVE-Reporter and made the first public version available for download. I've been using the CVE-Reporter for a while now so that I receive an e-mail when new vulnerabilities or security holes are discovered and can therefore react quickly to possible security holes. Until now, I had not made the CVE-Reporter publicly available, because so far ... Read more
Microsoft released a new security update for Exchange Server 2016 and 2019 yesterday. The update closes a vulnerability classified as "Important". Description of the vulnerability: A cross-site scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server. An authenticated attacker could exploit the vulnerability by ... Read more
On February 13, 2020, Microsoft released updates for all Exchange Server versions for the vulnerability CVE-2020-0688. If you have not already done so, you should install the update as soon as possible, as it is now known how the vulnerability can be exploited. Although an attacker must first authenticate themselves on the Exchange Server, it is then possible to take control of the ... Read more
Microsoft has released a new security update for Exchange Server 2013 to 2019 (CVE-2019-1373). The update closes a vulnerability that, in the worst-case scenario, could allow code to be executed remotely. Microsoft classifies the severity of the vulnerability as critical. The update should therefore be installed as soon as possible. Microsoft provides the following details on ... Read more
