Microsoft Exchange and Active Directory Blog
A zero-day vulnerability in Exchange Server 2013, 2016 and 109 is currently being actively exploited. There is currently no security update for the following vulnerabilities: CVE-2022-41040 CVE-2022-41082 However, there is a workaround to avoid a successful attack. To prevent the vulnerability from being exploited, a rule can be created for the URL Rewrite feature. To do this, ... Read more
The "Microsoft Exchange Community (MEC)" conference was held from September 13 - 14, 2022. On these two days there were many sessions on Exchange on-Prem and Exchange Online. If you were unable to attend the free online conference, you can find the recordings of the sessions on Youtube: Microsoft Exchange Community (MEC) Technical Airlift - Sept 2022 Michel de Rooij also ... Read more
Duo makes it very easy to protect OWA in an Exchange on-prem organization with 2-factor authentication. Duo is free for up to 10 users: https://duo.com/editions-and-pricing/duo-free Here is a short how-to for configuration. As soon as you have created a Duo account, you can search for "OWA" in the Admin Portal under "Protect an Application" ... Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019 today. The update closes a total of 6 vulnerabilities for Exchange 2019, 3 of the vulnerabilities are considered critical. Click here to download the updates: Exchange Server 2013 CU23 Exchange Server 2016 CU22 and CU23 Exchange Server 2019 CU11 and CU12 These vulnerabilities are closed: Microsoft Exchange Information Disclosure Vulnerability ... Read more
The vacation season is just beginning and many colleagues are starting their summer vacation. Unfortunately, they often forget to activate the out-of-office assistant. I have created the "Out of Office Assistant for Admins" so that the Out of Office Assistant does not have to be activated via Exchange Shell, but can be conveniently activated in a small GUI. The small PowerShell script provides a simple GUI for activating the ... Read more
Today, Microsoft published a whole series of news about Exchange Server 2019 and the next Exchange Server version. I summarize the most important news in this article. The successor to Exchange 2019 (vNext) was first announced in September 2020 (at MS Ignite). At that time, it was said that the new Exchange version would be released in the second ... Read more
Many readers of this blog have requested an article on the subject of "Exchange Server and Reverse Proxy". Although there are already HowTos with Kemp, Sophos and F5, there also seems to be a need for open source solutions. Therefore, here is a HowTo for the use of Apache as a reverse proxy for ... Read more
The CU12 for Exchange 2019 and the CU23 for Exchange 2016 allow only the management tools to be installed on a server or workstation. Especially in a hybrid organization, where all mailboxes have already been migrated to Exchange Online, the last Exchange on-Prem can now be shut down. Before the Exchange Management Tools setup is executed ... Read more
Microsoft released new updates for Exchange Server on 20.04.2022. The new updates bring some new features and contain all previously released security updates. Click here to download directly: Exchange Server 2019 Cumulative Update 12 Exchange Server 2016 Cumulative Update 23 With the release of the updates, Microsoft is also changing the way Exchange ... Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. The updates can be downloaded here: Exchange Server 2013 CU23 Exchange Server 2016 CU21 and CU22 Exchange Server 2019 CU10 and CU11 The updates close the vulnerability CVE-2022-23277, which is classified as Critical, and the vulnerability CVE-2022-24463, which is classified as Important. As Exchange Server currently likes to ... Read more
