HAFNIUM: EOMT from Microsoft secures unpatched Exchange Server

Microsoft provides the "Exchange On-premises Mitigation Tool" (EOMT) for download to secure unpatched Exchange servers: https://github.com/microsoft/CSS-Exchange/tree/main/Security. EOMT first secures the Exchange server against the vulnerability CVE-2021-26855 using URL rewrite and then downloads the Microsoft Safety Scanner to check the server for a successful attack. However, EOMT does not install the available updates ...

HAFNIUM: Changed directory permissions prevent update

On Exchange servers that were successfully attacked with the HAFNIUM exploit, the directory permissions may have been changed, which causes affected Exchange servers to report an error message when installing updates. Here is an example of a directory where the permissions have been changed: As can be seen in the screenshot, the permissions for the principal ...

HAFNIUM: Small update on the public exploit

The exploit for the Exchange vulnerabilities is now publicly available and, as was to be expected, is spreading even further. Initially, the exploit was blocked on GitHub, which naturally resulted in the exploit being published on various sites. In the meantime, the exploit is also available again on GitHub, only on other ...

HAFNIUM exploit: Microsoft releases updates for older Exchange versions

Due to the severity of the HAFNIUM exploit, Microsoft has released further updates for older Exchange Server versions. However, the updates cannot be obtained via Windows Update, but must be downloaded and installed manually. Further information on the updates can be found here: "March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server". Some ...

Exchange Server: Reinstallation without data loss (e.g. after an attack)

Many admins are currently reporting a successful attack on their Exchange server. Many are finding evidence of unauthorized access or even an installed web shell. Many are now unsure what to do or how to proceed. Some are now implementing IIS rewrite rules or deactivating the UM services, for example, as described in this article by ...

Exchange Server: New security updates (March 2021)

Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. The prompt installation of the security updates for the affected Exchange versions is recommended by Microsoft, as the vulnerabilities are already being exploited: "As active exploitation of related vulnerabilities in the wild is known (limited targeted attacks), our recommendation is to install these updates immediately to prevent ...