Exchange Server: New security updates (March 2022)

Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. The updates can be downloaded here: Exchange Server 2013 CU23; Exchange Server 2016 CU21 and CU22; Exchange Server 2019 CU10 and CU11. The updates close the vulnerability CVE-2022-23277, which is classified as Critical, and the vulnerability CVE-2022-24463, which is classified as Important. As Exchange Server currently likes to ... Read more

New security updates for Exchange Server (January 2022)

Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. The security update is intended to fix the following three vulnerabilities: CVE-2022-21969 (Important), CVE-2022-21855 (Important) and CVE-2022-21846 (Critical). The three vulnerabilities mentioned are errors that allow remote code execution. The updates should therefore be installed as soon as possible, even if no exploitation is currently ... Read more

Install Exchange security updates urgently

There are currently still many Exchange servers that have not been provided with the urgently needed security updates. This is not only about the ProxyLogon and ProxyShell vulnerabilities, which were already closed in April by corresponding updates, but now also about the vulnerability CVE-2021-42321, which has been closed with the latest Exchange updates. About the exploitation of ... Read more

Security updates for Exchange Server (November 2021)

Microsoft has released new security updates for all supported Exchange Servers (2013, 2016, 2019). In particular, Microsoft mentions the vulnerability CVE-2021-42321 (Remote Code Execution) in Exchange 2016 and 2019, which is already being exploited in a limited number of targeted attacks. The number of attacks is likely to increase as the update may now make the vulnerability easier to detect. ... Read more

New security updates for Exchange Server (October 2021)

Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. These three vulnerabilities are fixed in Exchange Server 2016 and 2019: CVE-2021-41350, CVE-2021-41348 and CVE-2021-34453. CVE-2021-41348 is a High severity vulnerability that allows privilege escalation. The following vulnerability is fixed in Exchange 2013: CVE-2021-26427. CVE-2021-26427 is ... Read more

Exchange security updates must be installed urgently

It's currently in the news again: attackers are trying to exploit Exchange security vulnerabilities. This time, however, the updates have been available for some time. Anyone who has not yet installed the latest security updates should do so as soon as possible. Here is a summary of the available security updates: New security updates for Exchange Server (April 2021) New security updates for Exchange Server ... Read more

Exchange Server: OWA and EAC do not start after installing the July updates

After installing the July security updates, it may happen that the Exchange Administrative Center (EAC) and OWA can no longer be opened. The cause is an expired certificate for Exchange Server OAuth authentication. Microsoft also refers to this problem in the release notes of the updates. Unfortunately, the notes on the updates are overlooked ... Read more

New security updates for Exchange Server (July 2021)

A week ago, Microsoft released new security updates for Exchange Server 2013, 2016 and 2019. I'm only reporting on this now because I've been on vacation for the last 14 days. But thanks to the CVE reporter, this shouldn't be a problem :-) The following four vulnerabilities are closed by the updates: CVE-2021-31196, CVE-2021-34470, CVE-2021-33768 and CVE-2021-31206. Here's ... Read more

New security updates for Exchange Server (May 2021)

Microsoft has released new security updates for all Exchange Server versions (2013 - 2019). This time it concerns the vulnerabilities that were successfully used at Pwn2Own 2021 to attack Exchange Server. The following vulnerabilities are fixed: CVE-2021-31209, CVE-2021-31207, CVE-2021-31198 and CVE-2021-31195. Here is a description from the Pwn2Own website; presumably exactly this vulnerability is now fixed: The ... Read more

New security updates for Exchange Server (April 2021)

Microsoft has released new security updates for all Exchange Server versions (2013 - 2019). These are likely to fix the vulnerabilities that were used at Pwn2Own 2021 to attack Exchange Server. The following vulnerabilities are fixed: CVE-2021-28483, CVE-2021-28482, CVE-2021-28481 and CVE-2021-28480. Here is a description from the Pwn2Own website, probably exactly this ... Read more