Microsoft Exchange and Active Directory Blog
The Outlook vulnerability CVE-2023-23397 is currently being actively exploited. This is particularly critical as exploitation is possible without user interaction. By exploiting the vulnerability, attackers can obtain NTLM hashes of the user and possibly use them for subsequent attacks. To exploit the vulnerability, it is sufficient to send a prepared e-mail or a calendar invitation to the user ... Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. This is likely to be the last security update for Exchange 2013, as support for Exchange 2013 ends on 11.04.2023. The March update for Exchange also fixes the problem with the crashing EWS Web Application Pool in IIS. Applications that use EWS should therefore ... Read more
Service accounts for starting Windows services or scheduled tasks are often configured with the "password never expires" attribute and then used for years. Often such service accounts are also alienated for a specific purpose and used on many servers for a wide variety of tasks. Service accounts with far-reaching authorizations and passwords that never expire then make it easier for ... Read more
Microsoft has updated the recommendations for exclusions for virus scanners on Exchange Server: Specifically, contrary to the original recommendation, these directories and processes should no longer be excluded from the virus scanner: Existing exclusions for virus scanners should therefore be adjusted. The script from Paul Cunningham, which creates a list of all exclusions, is suitable for new Exchange installations: Unfortunately, ... Read more
The "Windows Extended Protection" security feature was introduced with a security update in August 2022 for Exchange Server 2013, 2016 and 2019 and protects against man in the middle (MitM) attacks. In small organizations where there is only a single Exchange Server, without load balancers and web application firewalls, Windows Extended Protection can be activated quite easily. In ... Read more
Microsoft has released new security updates for Exchange 2013, 2016 and 2019. A total of 4 vulnerabilities classified as important have been fixed. Details on the closed vulnerabilities can be found here: As you can see, all 4 vulnerabilities are Remote Code Execution vulnerabilities, so the updates should be installed as soon as possible. Here it goes ... Read more
Anyone who has made several Exchange servers highly available via a load balancer uses NTLM for the authentication of Outlook users by default. With a few adjustments, however, Kerberos can also be used for authentication. Compared to NTLM, Kerberos reduces the number of logins compared to the Active Directory, which can lead to better speed. Kerberos is also ... Read more
During the migration from Exchange 2016 to Exchange 2019, I encountered the problem that Outlook constantly asks for username and password. A connection via Outlook to Exchange could no longer be established as soon as the DNS entry (or the load balancer) was switched to the new Exchange 2019 servers. However, OWA and ActiveSync worked without any problems. In ... Read more
When installing new Exchange 2019 servers in an existing Exchange 2016 organization, I came across the following error. The Exchange 2019 setup asked for the organization name during the installation of the first Exchange 2019 server. The request for the organization name must not appear during the installation in an existing Exchange organization, because ... Read more
From now on you will find an overview of the current Exchange versions, updates and support periods here. As soon as new Exchange updates are released, I will try to update the page promptly. This will give you quick access to the latest download links. Of course there will still be an article about available updates, the new page is intended to ... Read more
