My TechDecisions

Search Results: exchange server

June 2023 Patch Tuesday. Patch Tuesday,

June 2023 Patch Tuesday: Exchange Server, SharePoint, PGM

The June 2023 Patch Tuesday release includes no active threats, but critical vulnerabilities still need to be patched, experts say.

June 13, 2023 Zachary Comeau Leave a Comment

Microsoft has released fixes for about 70 vulnerabilities for its June 2023 Patch Tuesday release, and while none are listed as being actively exploited of publicly known, there are still a handful of critical-rated vulnerabilities that IT admins should prioritize this month. That list of bugs that should be prioritized includes two remote code execution […]

Read More
Microsoft Exchange Throttling Blocking

What is Going on With Microsoft Exchange Server Throttling and Blocking?

Microsoft will begin throttling and blocking emails from unsupported, unpatched Exchange servers over the next two months. Here's why.

April 17, 2023 Zachary Comeau Leave a Comment

Microsoft is hoping to address the security issue of emails sent to Exchange online from unsupported and unpatched Exchange Servers by enabling a transport-based enforcement system in Exchange Online that will throttle and then block emails from an unsupported server. The end goal is to encourage Microsoft customers to stop using persistently vulnerable versions of […]

Read More
Microsoft Security RSA Conference

Microsoft: Here’s How to Keep Exchange Server Secure

Microsoft is urging organizations to protect their Exchange servers by installing the latest available updates on all Exchange Servers.

February 1, 2023 Zachary Comeau Leave a Comment

Microsoft is urging organizations to keep their Exchange servers protected by installing the latest available Cumulative Update and Security Update on all Exchange servers and some Exchange Management Tool workstations. In addition, Microsoft recommends occasionally performing manual tasks to harden Exchange environments, such as enabling Extended Protection and enabling certificate signing of PowerShell Serialization payloads. […]

Read More
Microsoft Exchange Server

Microsoft: This Is Why Emails Were Stuck For On-Premise Exchange Servers

Microsoft says it has fixed an issue for an Exchange Server bug that is breaking email delivery for on-premise servers.

January 3, 2022 Zachary Comeau Leave a Comment

Microsoft says it has fixed an Exchange Server bug that is causing emails for on-premises servers to get stuck in queues due to the change of the new year. According to Microsoft, emails were stuck in transport queues of on-premises Exchange Server 2016 and 2019 due to a date check failure with the change of […]

Read More
Fortinet Vulnerability, Fortigate

Microsoft’s November Patches: Flaws In Exchange Server, Excel, RDP and More

Despite a light November with just 55 patches, IT pros should prioritize patching several remote code execution flaws in Microsoft systems.

November 10, 2021 Zachary Comeau Leave a Comment

IT admins of Microsoft systems have 55 new vulnerabilities to patch this month after the company issued its patches for November this week, including two that are currently under active exploitation and six rated as critical. November’s Patch Tuesday releases fix security flaws in Microsoft products such as Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, […]

Read More
Microsoft January Patch Tuesday

Microsoft Introduces Emergency Mitigation Tool For Exchange Server

The optional Emergency Mitigation tool helps customers create and automatically apply vulnerability mitigations to their Exchange servers.

September 27, 2021 Zachary Comeau Leave a Comment

Microsoft is introducing a new security feature in Exchange Server designed to protect against security threats that have known mitigations. According to the company, the Emergency Mitigation feature is a built-in version of the Exchange On-premises Mitigation Tool (EOMT) that works with the cloud-based Office Config Service (OCS) to provide protection against known threats. It’s […]

Read More
June 2023 Patch Tuesday. Patch Tuesday,

February 2023 Patch Tuesday: Three Exploited; Exchange, Word Bugs

Microsoft's February 2023 Patch Tuesday includes fixes for 75 security bugs, including three being actively exploited and four Exchange RCEs.

February 14, 2023 Zachary Comeau Leave a Comment

[Editor’s note: An earlier version of this article stated there were two exploited bugs patched this month. It has been updated to reflect the additional exploited vulnerability.] Microsoft has released patches to fix 75 security bugs in the February 2023 Patch Tuesday release, including one each in Microsoft Office, Windows Common Log File System Driver […]

Read More
Exchange Online Basic Auth

Exchange Online Password Spray Attacks Up As Basic Auth Phase Out Begins

Microsoft revives urging Exchange Online customers to disable basic auth on their own before the end of the year.

October 5, 2022 Zachary Comeau Leave a Comment

Microsoft says it is seeing indicators that Exchange Online customers are being targeted by password spray attacks leveraging basic authentication as the company begins to phase out basic auth in Exchange. The company has for three years been urging customers to move away from basic auth, and Microsoft has disabled it in “millions of tenants […]

Read More
Microsoft Security RSA Conference

Two New Exchange Vulnerabilities Are Being Actively Exploited

Two new vulnerabilities in Microsoft Exchange that are similar to ProxyShell are being actively exploited, and a patch is not yet available.

October 3, 2022 Zachary Comeau Leave a Comment

Microsoft is warning organizations to mitigate two zero-day vulnerabilities in Exchange Server that are being actively exploited in the wild and can result in hands-on-keyboard access and Active Directory reconnaissance and data exfiltration. The vulnerabilities are CVE-2022-41040–a server-side request forgery (SSRF) vulnerability–and CVE-2022-41082–a remote code execution bug via Exchange PowerShell. According to Microsoft, CVE-2022-41040 can enable […]

Read More