Microsoft Exchange and Active Directory Blog
At the turn of the year, there is a problem with mail delivery on Exchange servers. Mails get stuck in the queue with the following message: "The message was put on hold by the categorization agent" Mails are neither sent nor received. This problem has been occurring on all Exchange 2016 / 2019 servers since 01.01.2022 and is caused by the transport agent "Malware Agent" ... Read more
Exchange Server leaves old data or versions of the OWA and ECP directories on the file system after almost every update. In particular, the directory "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\prem" takes up a lot of space on the file system after a long runtime and correspondingly many updates. Here is an example of an Exchange Server that has been running for a while: Old file versions ... Read more
There are currently still many Exchange servers that have not been provided with the urgently needed security updates. This is not only about the ProxyLogon and ProxyShell vulnerabilities, which were already closed in April by corresponding updates, but now also about the vulnerability CVE-2021-42321, which has been closed with the latest Exchange updates. About the exploitation of ... Read more
Microsoft has released new security updates for all supported Exchange Servers (2013, 2016, 2019). In particular, Microsoft mentions the vulnerability CVE-2021-42321 (Remote Code Execution) in Exchange 2016 and 2019, which is already being exploited in a limited number of targeted attacks. The number of attacks is likely to increase as the update may now make the vulnerability easier to detect. ... Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 209. These three vulnerabilities are fixed in Exchange Server 2016 and 2019: CVE-2021-41350 CVE-2021-41348 CVE-2021-34453 CVE-2021-41348 is a High severity vulnerability that allows privilege escalation. The following vulnerability is fixed in Exchange 2013: CVE-2021-26427 CVE-2021-26427 is ... Read more
Sometimes the Exchange log and trace files can take up a lot of disk space, which is why I get requests from time to time asking how the logs can be cleaned up. In most cases, the Exchange partition threatens to fill up and in many cases this is also the system partition. Unfortunately, in many cases the system partition, on which Exchange ... Read more
Exchange Emergency Mitigation (EM) is, as already mentioned in this article, available from CU 11 for Exchange 2019 and CU 22 for Exchange 2016. The way it works is as simple as it is effective: The Exchange servers check every hour whether there is a new set of rules for mitigating a vulnerability. For this purpose, a signed XML document is sent every hour from ... Read more
Microsoft has released new updates for Exchange Server 2016 and 2019. Originally, Exchange 2016 was only supposed to receive security updates and no more new features via CU. However, CU 22 has now been released for Exchange 2016. CU 11 has been released for Exchange 2019. Both CUs contain the new "Exchange Emergency Mitigation" feature, which ... Read more
I have just uploaded the new version 3.10 of the Exchange Reporter. In the new version I have fixed numerous bugs that were reported to me. Here is a list of the fixed problems: mbxreport.ps1: Mailboxes close to the sending limit are not displayed (thanks Mario) mailreport.ps1: spelling error corrected (thanks Matthias) Error of module assignment in settings.ini corrected HealthChecker.ps1: HealthChecker script updated ... Read more
In a previous article, I described where the AMSI log files of the Exchange server can be found. As the logs are stored locally on the Exchange server, the logs are of little use if nobody reads them and attacks are only detected when it is too late. However, the logs can also be easily ... Read more
