Gaps in Multi-Factor Authentication (MFA) In this article, we will explore some of the drawbacks of MFA/2FA as a user security tool. Multi-Factor Authentication (MFA), also known as 2-Factor Authentication (2FA), has become an essential tool for protecting user accounts. It has become so ubiquitous, Microsoft has recently started enforcing it on all tenants by [...]
Last year, Microsoft announced a new servicing model for Exchange Server, with two Cumulative Updates (CUs) per year. However, Microsoft won't be releasing a second CU for 2023. There are two more CUs on the horizon for Exchange Server 2019: CU14 (H1 2024) and CU15 (H2 2024). The release date for CU14 has shifted to [...]
What are Windows cached credentials? The purpose of Windows cached credentials is to enable users to log into their accounts and access network resources even when the authentication server is unavailable, such as during offline use, while also improving login performance by reducing the need for frequent server authentications. Cached credentials are stored locally on [...]
Microsoft's Shift in Servicing Cadence In a move that reflects a commitment to both innovation and stability, Microsoft announced last year a change in its servicing model for Exchange Server. This strategic shift saw the company adopt a twice-yearly release schedule for Cumulative Updates (CUs), targeting the first and second halves of each calendar year. [...]
Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2019 Exchange Server 2016 SUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU12 and CU13 Exchange Server 2016 CU23 The November 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. These vulnerabilities affect [...]
Microsoft Exchange is currently under threat due to four newly discovered zero-day vulnerabilities, which attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. These vulnerabilities were disclosed by Trend Micro's Zero Day Initiative (ZDI) on September 7th and 8th, 2023. Despite their potential threat, Microsoft has chosen to delay [...]
Software Release – EPG 3.7.6 Toronto, Canada – October 24th, 2023: Messageware Incorporated, the leader in Microsoft Exchange security and productivity tools, announced a major update of their flagship product Messageware Exchange Protocol Guard (EPG). The following updates are now available for customers and trial users: Messageware EPG 2019 v3.7.6 Messageware EPG 2016 v3.7.6 Messageware EPG [...]
October has been a busy month of changes for Exchange Online users. This article summarizes recent updates and announcements from Microsoft on the Exchange Team Blog. 1) Farewell to Remote PowerShell in Exchange Online Earlier this year, Microsoft officially depreciated the Remote PowerShell Protocol (RPS) in Exchange Online. This month, RPS is no longer available [...]
Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2019 Exchange Server 2016 SUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU12 and CU13 Exchange Server 2016 CU23 The October 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are [...]
Article Summary: This article examines the common Exchange Server attacks that result in Active Directory lockouts and effective techniques to prevent Active Directory user accounts lockouts. By deploying intelligent threat detection, enforcing strong password policies, enabling multi-factor authentication, and monitoring signs of compromise, companies can thwart attackers’ efforts to access mailboxes and maintain business continuity. [...]
Who’s probing your Exchange Server? Today’s systems reveal more information to the internet than intended. If you have an internet facing Exchange Server, it is being probed to discover its specifications, vulnerabilities, and weaknesses. RELATED: Watch a video on High Volume Attacks attacks on Exchange Server Hackers Hackers probe Exchange Servers to identify weaknesses or [...]
For the past 30 years, Messageware has provided cutting-edge Microsoft solutions, and empowered businesses with tools to enhance their productivity and security. As we celebrate Messageware's anniversary, we reflect on its remarkable journey of innovation and growth. For more information, visit our About Us page. The Early Days Messageware's story began in 1993. Our founder [...]
Important: The Aug 8 SU has been withdrawn and re-released by Microsoft due to installation issues in some environments. For more information and what to do if you installed Aug 8 SUv1 you can refer to the Microsoft blog article here: Re-release of August 2023 Exchange Server Security Update packages - Microsoft Community Hub. Otherwise, proceed [...]
Microsoft has re-released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2019 Exchange Server 2016 SUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU12 and CU13 Exchange Server 2016 CU23 More information from Microsoft about the re-release is available here. The following table describes the actions you need to take based on [...]
Great news - Messageware has reached a significant milestone in its journey. Our software is now used in an impressive 55 countries worldwide! Our dedicated team of experts continuously improve our Microsoft Exchange Server security software to stay ahead of ever-evolving cyber threats. We’re proud of our growing client base: 2500+ enterprises in all industries; [...]
UPDATE: Microsoft re-released the SU on August 15th, 2023. See more details here. The August 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your [...]
In this article, we'll answer frequently asked questions about how to manage your Active Directory Lockout policy. There is no one-size-fits-all approach to customizing these settings as organizations have different risk levels. For helpful information about what causes frequent Active Directory account lockouts, check out our blog "Solved: Active Directory Account Lockouts and How to [...]
Microsoft and the Ukraine CERT have identified targeted attacks against the defense industry and Microsoft Exchange servers by a Russian state-sponsored hacking group known as Turla. The attacks leverage a new malware backdoor called 'DeliveryCheck,' a .NET backdoor which can execute second-stage payloads. What makes DeliveryCheck stand out is its Microsoft Exchange Server-side component. The [...]
This article will explain the most common causes of Active Directory Lockouts, and how to mitigate them. For information on managing your Active Directory account policies and changing settings, refer to our blog: How to Change Active Directory (AD) Lockout Policy. What is Active Directory? Active Directory account lockouts are a common issue that system [...]
Microsoft confirms that Chinese hackers breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies. The attacks were carried out by a threat group tracked as Storm-0558, who used an inactive consumer signing key to create tokens for Azure Active Directory and Microsoft accounts (MSA) to access [...]
