Microsoft Exchange and Active Directory Blog
Today Sophos has released an update for Sophos UTM 9.6. The update raises the version number to 9.601-5. The update is a maintenance release, which requires a restart of the UTM, AccessPoints and REDs (the AccessPoint and REDs also perform a firmware update). The following problems are solved with the update ... Read more
Microsoft has released a security update for Exchange 2016 CU 10 and CU 11. The update fixes a tampering vulnerability that has been rated as "Important": A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the ... Read more
Sophos has released version 9.6 of the UTM. The update to version 9.6 requires UTM version 9.510-5. The update is version 9.600-5. Here is the list of new features: What's new in UTM 9.6? ATP: New Advanced Threat Protection Library Better performance and protection Certificates: Let's Encrypt Integration Generate and renew Let's Encrypt ... Read more
Sophos has released two new update packages for the UTM today. The original update to version 9.510-4) has been withdrawn and is no longer available for download. Users of version 9.510-4 can now update to version 9.510-5 (second download link), this version should now also fix the bug in Mail Protection regarding TLS negotiation. Read more
After almost 4 months, Sophos has released an update for the UTM. The update to version 9.510-4 closes various security gaps and fixes some functional problems. Long-awaited features, such as support for Let's Encrypt and IKEv2, are still a long time coming. Here is the list of changes: [NUTM-8273]: [Basesystem] Inconsistent reporting ... Read more
Critical updates for Exchange Server: There is a vulnerability in all supported Exchange Server versions that allows attackers to execute code on the Exchange Server using specially crafted mail. Microsoft describes the problem here: CVE-2018-8154 | Microsoft Exchange Memory Corruption Vulnerability A remote code execution vulnerability exists in Microsoft Exchange software when the software fails ... Read more
Sophos has released a new update for Sophos UTM today. The update is for version 9.508-10 and upgrades the version to 9.509-3. The update fixes these three issues: [NUTM-9619]: [Email] CVE-2018-6789: buffer overflow in base64d function in SMTP listener [NUTM-9698]: [Network] After upgrade to 9.508 in VPC IPsec BGP status shows "state error" ... Read more
Today Sophos released an update for the UTM 9. The update updates the UTM to version 9.508-10. The update is just under 170 MB in size and is intended to fix these problems: [NUTM-8739]: [Access & Identity] Argos segfault and coredump after update to v9.502 [NUTM-9164]: [Access & Identity] SSLVPN installation packages fail to copy user profile during ... Read more
Updates have been released for Outlook 2013 and Outlook 2016 to close two critical security vulnerabilities. With both vulnerabilities, it is possible to execute malicious code on the computer. With one of the vulnerabilities, it is sufficient to receive an email with a malicious attachment. The attachment does not even have to be opened. The corresponding CVEs can be found here: CVE-2018-0852 | ... Read more
Microsoft already released a security update for Exchange 2013 and Exchange 2016 on 12.12.17. This is not the quarterly CU, but a fix for a vulnerability in Outlook Web Access (OWA). The CVE for the vulnerability can be found here: CVE-2017-11932 | Microsoft Exchange Spoofing Vulnerability The update is rated "Important". Microsoft describes ... Read more
