Microsoft Exchange and Active Directory Blog
On Tuesday, Microsoft released new security updates for Exchange Server 2013, 2016 and 2019. The update closes the ProxyNotShell vulnerability (CVE-2022-41040 and CVE-2022-41082), which was known and actively exploited in September. Click here to download the security updates: Microsoft recommends installing the update as soon as possible. Click here for the article on the Exchange ... Read more
Two Outlook Autodiscover settings, which are active in the default setting, often cause problems when setting up Outlook accounts. In the default setting, Outlook always tries to retrieve Autodiscover settings from Microsoft 365, which often leads to problems with on-prem Exchange servers. Outlook also tries to retrieve the Autodiscover settings from the root domain ... Read more
AutoMapping is a very practical feature in Exchange Server, but unfortunately it is somewhat limited: AutoMapping only automatically connects a mailbox in Outlook if the user has full access to the mailbox. As soon as granular permissions are configured at mailbox level, AutoMapping no longer takes effect. In this case, the user must manually reconnect the mailbox with the granular rights. ... Read more
Unfortunately, Exchange 2019 only offers a few settings for resource mailboxes (room and device mailboxes) in the Exchange Administrative Center. Many settings for booking permissions or calendar settings can only be managed via the Exchange Management Shell. Create resource mailboxes with the Exchange Management Shell With small PowerShell scripts, resource mailboxes can be created quickly and always according to the same scheme. Here ... Read more
Microsoft has released new security updates for all supported Exchange Server versions today. Microsoft explicitly points out that the updates do not contain a fix for the zero-day vulnerabilities (ProxyNotShell). The following vulnerabilities are fixed by the security update, three of the vulnerabilities are considered critical: CVE-2022-21979 CVE-2022-21980 CVE-2022-24477 CVE-2022-24516 CVE-2022-30134 The updates can be downloaded here: Exchange Server ... Read more
The Exchange Mitigation EM1, which was published by Microsoft at the weekend, does not adequately seal the Exchange zero-day vulnerability ProxyNotShell (CVE-2022-41040) and can be easily bypassed. The problem is an "@" character in the Reg-Ex pattern, which makes the rule too precise. The Reg-Ex can thus be bypassed by making slight adjustments. This means that the rule is no longer ... Read more
Many people will probably know JAM Software from the TreeSize tool, but JAM Software also has a product called "Exchange Server Toolbox" in its range. According to JAM Software, the Exchange Server Toolbox includes legally compliant and GDPR/GoBD-compliant email archiving, as well as a spam filter based on SpamAssassin, a virus scanner based on ClamAV and ... Read more
This weekend, Microsoft rolled out the URL rewrite rule, which prevents the successful attack via ProxyNotShell, as an emergency mitigation rule. This means that all Exchange 2016 and Exchange 2019 servers should be equipped with the workaround. However, this only applies if Exchange is at a current patch level and the emergency mitigation feature is active. For Exchange 2013 ... Read more
The Exchange Server zero-day vulnerability became known today and is already being actively exploited. A corresponding defense measure exists and should be implemented as quickly as possible. You can find out how the defense measure is implemented here: Exchange Server zero-day vulnerability is being actively exploited On the website of the company GTSC details about the currently ongoing attack were given, for this ... Read more
A zero-day vulnerability in Exchange Server 2013, 2016 and 109 is currently being actively exploited. There is currently no security update for the following vulnerabilities: CVE-2022-41040 CVE-2022-41082 However, there is a workaround to avoid a successful attack. To prevent the vulnerability from being exploited, a rule can be created for the URL Rewrite feature. To do this, ... Read more
