Microsoft has detailed its plans to protect organizations against persistently vulnerable Exchange Servers. Starting on May 10, the company is introducing a new transport-based enforcement system that will block email traffic from unpatched or out-of-support Exchange Server instances. Microsoft explained that it will implement the new transport-based enforcement system in eight stages. The service will…
Microsoft has announced the release of its new cumulative update (CU13) for Exchange Server 2019. The latest update brings modern authentication support to Outlook for Windows in Exchange Server 2019 and addresses around 200 bugs. Specifically, the 2023 H1 cumulative update adds support for modern authentication to on-premises Exchange Server 2019 environments. The security feature…
Microsoft is introducing a transport-based enforcement system in Exchange Online that will throttle and block emails from old Exchange Servers. The company explained that this change aims to encourage organizations to upgrade to a supported version of Exchange Server. Microsoft has found that thousands of on-premises customers are running outdated versions of Exchange Servers. The…
Microsoft has published an advisory recommending IT admins to remove select antivirus exclusions in Exchange Servers. The company explained that this configuration change should help IT admins to improve the security posture of their organizations. Up until now, Microsoft recommended Exchange Server admins to configure antivirus solutions to protect their systems. It is also a…
Microsoft has recommended customers to deploy the latest January 2023 security updates on on-premises Exchange servers. The company urges IT admins to keep their Exchange servers patched to protect their organization from cyberattacks and security threats. In a Techcommunity blog post, Microsoft raised an alarm that malicious actors are increasingly leveraging vulnerabilities to compromise unpatched…
Microsoft has released yesterday the January 2023 Security Updates (SUs) for all supported versions of the Exchange Server. The latest updates aim to address critical security vulnerabilities that could allow attackers to gain system privileges in Exchange Server 2013, 2016, and 2019. Microsoft also highlighted that the January 2023 updates for Exchange Server should improve…
Microsoft has issued an advisory about two new zero-day vulnerabilities affecting Exchange Server. The critical flaws, which were discovered by a Vietnamese cybersecurity company GTSC last month, impact on-premises installations of Microsoft Exchange Server 2013, 2016, and 2019. Microsoft’s Security Response Center (MRSC) detailed that the two vulnerabilities are tracked as CVE-2022-41040 and CVE-2022-41082. The…
Microsoft has published a security advisory about a new wave of malware attacks that target Exchange Servers. The company has warned IT admins that threat actors are increasingly using malicious Internet Information Services (IIS) modules to install backdoors and steal credentials. For those unfamiliar, Internet Information Services (IIS) is a web server that lets developers…
Security vendor Kaspersky has warned about a new malware that allows attackers to backdoor Microsoft Exchange servers. Dubbed SessionManager, the malicious tool has been used for the past 15 months to target NGOs, government agencies, military as well as industrial organizations across Europe, South America, Asia, and Africa. As reported by the Kaspersky researchers, the…
Microsoft has delayed its plans to release the next version of on-premises Exchange Server in the second half of 2021. The software giant has announced that the new subscription-based version of Exchange Server will launch in 2025. In a blog post published yesterday, Microsoft explained that the alarming surge in state-sponsored cyber-attacks against insecure on-premises…