Microsoft Exchange and Active Directory Blog
Today Sophos has released an update for Sophos UTM 9.6. The update raises the version number to 9.601-5. The update is a maintenance release, which requires a restart of the UTM, AccessPoints and REDs (the AccessPoint and REDs also perform a firmware update). The following problems are solved with the update ... Read more
Microsoft hat ein Sicherheitsupdate für Exchange 2016 CU 10 und CU 11 veröffentlicht. Das Update behebt eine Manipulationsschwachstelle die mit Schweregrad “Wichtig” eingestuft wurde: A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user’s profile data. To exploit the … Read more
Sophos has released version 9.6 of the UTM. The update to version 9.6 requires UTM version 9.510-5. The update is version 9.600-5. Here is the list of new features: What's new in UTM 9.6? ATP: New Advanced Threat Protection Library Better performance and protection Certificates: Let's Encrypt Integration Generate and renew Let's Encrypt ... Read more
Sophos has released two new update packages for the UTM today. The original update to version 9.510-4) has been withdrawn and is no longer available for download. Users of version 9.510-4 can now update to version 9.510-5 (second download link), this version should now also fix the bug in Mail Protection regarding TLS negotiation. Read more
After almost 4 months, Sophos has released an update for the UTM. The update to version 9.510-4 closes various security gaps and fixes some functional problems. Long-awaited features, such as support for Let's Encrypt and IKEv2, are still a long time coming. Here is the list of changes: [NUTM-8273]: [Basesystem] Inconsistent reporting ... Read more
Kritische Updates für Exchange Server: In allen unterstützen Exchange Server Versionen steckt eine Schwachstelle mit der Angreifer mittels einer speziell präparierten Mail Code auf dem Exchange Server ausführen können. Microsoft beschreibt das Problem hier: CVE-2018-8154 | Microsoft Exchange Memory Corruption Vulnerability A remote code execution vulnerability exists in Microsoft Exchange software when the software fails … Read more
Sophos has released a new update for Sophos UTM today. The update is for version 9.508-10 and upgrades the version to 9.509-3. The update fixes these three issues: [NUTM-9619]: [Email] CVE-2018-6789: buffer overflow in base64d function in SMTP listener [NUTM-9698]: [Network] After upgrade to 9.508 in VPC IPsec BGP status shows "state error" ... Read more
Heute von Sophos ein Update für die UTM 9 veröffentlicht. Das Update aktualisiert die UTM auf Version 9.508-10. Das Update ist knapp 170 MB groß und soll diese Probleme beheben: [NUTM-8739]: [Access & Identity] Argos segfault and coredump after update to v9.502 [NUTM-9164]: [Access & Identity] SSLVPN installation packages fail to copy user profile during … Read more
Updates have been released for Outlook 2013 and Outlook 2016 to close two critical security vulnerabilities. With both vulnerabilities, it is possible to execute malicious code on the computer. With one of the vulnerabilities, it is sufficient to receive an email with a malicious attachment. The attachment does not even have to be opened. The corresponding CVEs can be found here: CVE-2018-0852 | ... Read more
Bereits am 12.12.17 hat Microsoft ein Sicherheitsupdate für Exchange 2013 und Exchange 2016 veröffentlicht. Es handelt sich dabei nicht um das vierteljährliche CU, sondern um einen Fix für eine Schwachstelle in Outlook Web Access (OWA). Das CVE zur Schwachstelle findet sich hier: CVE-2017-11932 | Microsoft Exchange Spoofing Vulnerability Das Update hat die Stufe “Wichtig”. Microsoft beschreibt … Read more
