Microsoft Exchange and Active Directory Blog
This weekend, Microsoft rolled out the URL rewrite rule, which prevents the successful attack via ProxyNotShell, as an emergency mitigation rule. This means that all Exchange 2016 and Exchange 2019 servers should be equipped with the workaround. However, this only applies if Exchange is at a current patch level and the emergency mitigation feature is active. For Exchange 2013 ... Read more
The Exchange Server zero-day vulnerability became known today and is already being actively exploited. A corresponding defense measure exists and should be implemented as quickly as possible. You can find out how the defense measure is implemented here: Exchange Server zero-day vulnerability is being actively exploited On the website of the company GTSC details about the currently ongoing attack were given, for this ... Read more
A zero-day vulnerability in Exchange Server 2013, 2016 and 109 is currently being actively exploited. There is currently no security update for the following vulnerabilities: CVE-2022-41040 CVE-2022-41082 However, there is a workaround to avoid a successful attack. To prevent the vulnerability from being exploited, a rule can be created for the URL Rewrite feature. To do this, ... Read more
The Exchange Health Checker is an excellent tool to get a quick overview of the status of the Exchange Server. The PowerShell script provided by Microsoft is continuously updated and can generate a report in HTML format. For a fresh Exchange 2019 installation on a Windows Server 2022, the report looks like this, for example: ... Read more
The "Microsoft Exchange Community (MEC)" conference was held from September 13 - 14, 2022. On these two days there were many sessions on Exchange on-Prem and Exchange Online. If you were unable to attend the free online conference, you can find the recordings of the sessions on Youtube: Microsoft Exchange Community (MEC) Technical Airlift - Sept 2022 Michel de Rooij also ... Read more
Unfortunately, there are still applications or devices that can only send mails without authentication. This is not possible in the Exchange Server default setting. However, a new receive connector can be set up which allows anonymous relay for certain IP addresses. The following commands can be used on a server with an English-language operating system. Read more
Duo makes it very easy to protect OWA in an Exchange on-prem organization with 2-factor authentication. Duo is free for up to 10 users: https://duo.com/editions-and-pricing/duo-free Here is a short how-to for configuration. As soon as you have created a Duo account, you can search for "OWA" in the Admin Portal under "Protect an Application" ... Read more
Microsoft announced some time ago that Basic-Auth (standard authentication) will be deactivated in all tenants for the MAPIoverHTTP, EWS, POP, IMAP and ActiveSync protocols in Exchange Online from October 1, 2022. From October 1, 2022, it will therefore no longer be possible to use Basic-Auth (transmission of user name and password via HTTPS) in Exchange Online for ... Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019 today. The update closes a total of 6 vulnerabilities for Exchange 2019, 3 of the vulnerabilities are considered critical. Click here to download the updates: Exchange Server 2013 CU23 Exchange Server 2016 CU22 and CU23 Exchange Server 2019 CU11 and CU12 These vulnerabilities are closed: Microsoft Exchange Information Disclosure Vulnerability ... Read more
It's been quite a while since I wrote an article about the Exchange 2019 installation. The original article dealt with the installation on Windows Server 2019, but since Windows Server 2022 is now also supported by Exchange and a few small things have changed, here is a fresh article. Defender ... Read more
