Microsoft Exchange and Active Directory Blog
In the case of successfully attacked Exchange servers with the HAFNIUM exploit, the directory permissions may be changed, resulting in affected Exchange servers reporting an error message when installing updates. Here is an example of a directory where the permissions have been changed: As can be seen in the screenshot, the permissions for the principal ... Read more
The exploit for the Exchange vulnerabilities is now publicly available and, as was to be expected, is spreading even further. Initially, the exploit was blocked on GitHub, which naturally resulted in the exploit being published on various sites. In the meantime, the exploit is also available again on GitHub, only on other ... Read more
Due to the severity of the HAFNIUM exploit, Microsoft has released further updates for older Exchange Server versions. However, the updates cannot be obtained via Windows Update, but must be downloaded and installed manually. Further information on the updates can be found here: March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server Some ... Read more
Many admins are currently reporting a successful attack on their Exchange server. Many are finding evidence of unauthorized access or even an installed web shell. Many are now unsure what to do or how to proceed. Some are now implementing IIS rewrite rules or deactivating the UM services, for example, as described in this article by ... Read more
Many people have already noticed and reported that the newsletter no longer works. It wasn't actually a newsletter, but rather a notification of new posts. Unfortunately, the WordPress plugin I had been using no longer worked reliably and sending the emails also caused problems. Many ... Read more
Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. The prompt installation of the security updates for the affected Exchange versions is recommended by Microsoft, as the vulnerabilities are already being exploited: As active exploitation of related vulnerabilities in the wild is known (limited targeted attacks), our recommendation is to install these updates immediately to prevent ... Read more
The Microsoft Ignite digital event starts again tomorrow. As last year, participation is free of charge: https://myignite.microsoft.com/home So if you want to register quickly, you can do so via the link. However, the sessions at the last Ignite were also recorded and posted online on YouTube, for example. So the sessions can also be ... Read more
I found some time to test the preview of Windows Server 2022 and installed the new server operating system from Microsoft in a VM. The preview build 20298.1 was released yesterday. Unfortunately, there is not really much new to see, so there is only a short article here. Participants of the Windows Server Insider ... Read more
The last article on Sophos XG in conjunction with Exchange is a bit outdated, so here is an updated version. At the moment SFOS 18 is current, I tested version 18.0.4 MR-4. My small test environment is set up as follows: Exchange is set to the hostnames outlook.frankyswebweblab.de for ... Read more
Zevenet Loadbalancer is the successor to Zen Loadbalancer, for which I wrote a howto some time ago. Zevenet Loadbalancer is particularly suitable for test environments as it is quick to install and configure and is also free of charge. So here is an updated how-to on Zevenet and Exchange 2019. The Zevenet load balancer ... Read more
