Microsoft Exchange and Active Directory Blog
Microsoft has released new updates for Exchange Server 2016 and 2019. The hotfix update (HU) is intended to fix the problems of the previous security updates (SU) from March 2024. In addition to the fixes for the quite numerous problems of the March SU, two new features are also added with this hotfix update: Click here to go directly to the ... Read more
BIMI stands for "Brand Indicators for Message Identification" and is a fairly new standard designed to help users distinguish legitimate emails from spam and phishing emails. BIMI is intended to enable companies to display the company logo in the recipient's inbox. Outlook users will be familiar with a very similar procedure, where the sender's photo in Outlook ... Read more
Like the updates for Exchange Server, the March update for Windows Server also contains a serious error. The update causes a memory leak in the LSASS process, which can then lead to a domain controller restarting or crashing. Only domain controllers are affected by this problem; the problem does not occur on normal member servers. Currently ... Read more
Microsoft has announced the new Office 2024 version as a purchase license. The new Microsoft Office 2024 does not require a subscription, but can be purchased regularly. According to Microsoft, there will be two versions of Office: Office 2024 and Office LTSC 2024. Office LTSC 2024 will receive five years of support and will be offered in Professional Plus, Standard and Embedded versions. ... Read more
Yesterday, security updates were released for Exchange Server 2016 and Exchange Server 2019. In connection with Outlook and Exchange Server 2019, there are now increasing reports of problems with the search. Admins are reporting problems on the Exchange Team Blog and in the comments to my post. The search apparently produces the error message ... Read more
Microsoft has released new security updates for Exchange Server 2016 and Exchange Server 2019 today. The security update closes the remote execution vulnerability CVE-2024-26198 with the severity level "Important". The vulnerability is not currently being actively exploited, but Microsoft recommends that the update is installed quickly. Click here to download the security update: After installing the March ... Read more
Under certain circumstances, Microsoft Office 365 and Exchange Server allow access to attachments and images in emails without the need for authentication. In most cases it should be difficult to exploit this problem, but reader L. Herzog writes to me that this problem could be exploited in his environment. L. Herzog has ... Read more
This short HowTo is about the configuration of OCSP (Online Certificate Status Protocol) or the "Online Responder" role on Windows Server 2022. OCSP (Online Certificate Status Protocol) is a protocol that is used within the PKI. It enables the status of certificates to be checked in real time. Instead of checking the validity of certificates in long revocation lists (Certificate Revocation ... Read more
The critical vulnerability CVE-2024-21410 in Exchange Server, which was made public on February 13, 2024, is now being actively exploited. The vulnerability CVE-2024-21410 allows attackers to perform an NTLM relay attack (pass the hash). In this case, attackers can trick a client such as Outlook into logging on to a malicious relay in order to obtain the NTLM credentials. The ... Read more
Microsoft released CU 14 for Exchange Server 2019 yesterday. CU 14 brings these new features: Support for TLS 1.3 was also planned, but this did not make it into CU 14. CU 14 can be downloaded here: As already mentioned, CU 14 activates the Extended ... Read more
