April 23, 2024 at 03:58PM Microsoft released hotfix updates to address known issues affecting Exchange servers post installing the March 2024 security updates. The optional April 2024 HU adds support for ECC certificates and Hybrid Modern Authentication (HMA) for OWA/ECP. Redmond fixed issues in Outlook on the Web (OWA) and Microsoft Word document previews. Both … Read more
February 15, 2024 at 04:34PM Microsoft identified a critical vulnerability in Exchange Server disclosed in February as a zero-day threat already being exploited. The flaw (CVE-2024-21410) permits attackers to disclose and relay Windows NT Lan Manager hashes, impersonating legitimate users. Microsoft revised its advisory, flagging the exploit as a zero-day. A cumulative update (CU14) protects … Read more
February 15, 2024 at 06:45AM A critical vulnerability in Exchange Server (CVE-2024-21410) is actively exploited, enabling privilege escalation and NTLM hash relay attacks. Microsoft issued a warning and released Exchange Server 2019 CU14 to address the flaw. Furthermore, Check Point disclosed another critical-severity Outlook vulnerability (CVE-2024-21413) allowing remote code execution through crafted hyperlinks. Both companies … Read more
February 15, 2024 at 12:21AM Microsoft has confirmed active exploitation of a critical security flaw in Exchange Server, allowing attackers to gain privileges and execute operations. It has released patches to address this and other vulnerabilities in its Patch Tuesday updates. Threat actors, including APT28, have a history of exploiting such flaws for NTLM relay … Read more
February 14, 2024 at 06:29PM Microsoft has warned of a critical vulnerability in Exchange Server, CVE-2024-21410, allowing remote unauthenticated threat actors to escalate privileges. The company has released Exchange Server 2019 Cumulative Update 14 to address this and enable NTLM credentials Relay Protections. Admins are advised to evaluate their environments before toggling EP on Exchange … Read more
February 14, 2024 at 12:41PM After installing Exchange Server 2019 CU14 or later, Extended Protection (EP) will be automatically enabled to strengthen Windows Server authentication and mitigate security risks. Admins should review Microsoft’s documentation and PowerShell script before toggling EP, and address any issues after enabling it. Microsoft encourages keeping servers updated to deploy emergency … Read more
January 19, 2024 at 06:33AM Summary: The article highlights the rising significance of data in the digital world, particularly in on-premises Exchange Server environments. It elaborates on the evolving threats of data loss, the changing role of administrators, and crucial backup and recovery strategies to prevent permanent data loss. The consequences of data loss and … Read more