Microsoft Exchange Server – Security Updates – May 2022
jeanm2022-06-11T11:54:01-04:00Microsoft has released security updates (SUs) for vulnerabilities found in Exchange Server 2013, Exchange Server 2016, Exchange Server 2019.
25
05, 2022
15
05, 2022
IceApple exploit framework targeting Microsoft Exchange servers
jeanm2022-12-27T07:22:34-05:00Stealthy, “highly sophisticated” post-exploitation framework used for data exfiltration likely the work of a state-sponsored threat actor. In late 2021, security researchers on CrowdStrike’s Falcon OverWatch team first detected a modular exploit targeting Microsoft Exchange Servers. Dubbed IceApple, the .NET-based framework has been observed in “distinct locations” and primarily directed toward entities in government, academic [...]
10
05, 2022
Microsoft Exchange Server Build Numbers, Cumulative Updates (CU), Security Updates (SU) and Release Dates
jeanm2025-10-15T08:04:44-04:00You can use the information in this article to verify the version of Exchange that is running in your organization. This article is organized into sections by Exchange version (2010, 2013, 2016, 2019). Microsoft's monthly “Patch Tuesday” releases are listed below, with their corresponding build numbers and release dates for each Service Pack (SP), Cumulative [...]
26
04, 2022
Microsoft Exchange – Messageware Q2 2022 Newsletter
jeanm2023-12-01T14:45:18-05:00In 2022, a wave of cyberattacks and data breaches swept across the globe after multiple zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to servers and email. Recently, businesses were warned that Chinese and Russian cyberattacks are imminent and that business leaders must act to strengthen their digital defences. Here [...]
22
04, 2022
Microsoft Exchange Server – Cumulative Updates – April 2022
jeanm2022-06-14T06:55:46-04:00On April 20, 2022 Microsoft released new Cumulative Updates: Exchange 2016 CU23 and Exchange 2019 CU12. The previous Cumulative Updates were released on September 28, 2021, more than 6 months ago.
10
03, 2022
Microsoft March 2022 Patch Tuesday: 2 Exchange Server vulnerabilities fixed
jeanm2022-06-01T12:18:47-04:00The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately. These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange [...]
17
02, 2022
Microsoft launches quarterly Cyber Security Intelligence Brief
jeanm2022-06-14T06:54:14-04:00Microsoft has just launched a quarterly cyber threat intelligence brief branded Cyber Signals. The new publication offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and strategies used by the world’s most prolific threat actors. Cyber Signals is aimed at Chief Information Security Officers, Chief Information Officers, Chief Privacy Officers, and their teams, as they continue [...]
8
02, 2022
Microsoft revisits the Priority Account Protection in 365
jeanm2022-06-14T06:54:33-04:00Microsoft revisits the Priority Account Protection in 365: (Microsoft 365 Defender): Applying a higher level of protection to accounts likely to be targeted by attackers is a more compelling offer as the last thing you want is for an executive to fall foul of a business email compromise attack or other phishing attempts like the recent Office VoIP voicemail [...]
11
01, 2022
Microsoft Exchange Server – January 2022 Exchange Server Security Updates
jeanm2022-06-14T06:56:33-04:00January 2022 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2019 Cumulative Update 11 Security Update 3 (KB5008631) Exchange Server 2019 Cumulative Update 10 Security Update 4 (KB5008631) Exchange Server 2016 Cumulative Update 22 Security Update 3 (KB5008631) Exchange Server 2016 Cumulative Update 21 Security Update 4 (KB5008631) Exchange [...]
4
01, 2022
Microsoft Releases Emergency Y2K22 Patch For On-Prem Exchange Server
jeanm2022-06-14T06:56:46-04:00As we all ushered in the New Year, a date check failure in Exchange Server 2016 and 2019 made it impossible for Exchange servers to accommodate the year 2022. The bug, dubbed 'the Y2K22 bug' prevented on-premise Microsoft Exchange servers from sending millions of emails. Fortunately, Microsoft was quick to act and has released an [...]
21
12, 2021
Microsoft Exchange – Messageware Q4 2021 Newsletter
jeanm2022-01-18T10:11:25-05:00It's December, and there is plenty of good news... Microsoft has not released any December Exchange Server CUs or SUs, Messageware Exchange Server Guard now secures more Exchange Servers than ever, and the holiday season is upon us! But while everything feels a little more upbeat this week, the second half of 2021 was undoubtedly challenging, with [...]
14
12, 2021
Microsoft Exchange Server Security – December 2021 CUs Postponed, Critical SUs Needed
jeanm2022-06-11T11:37:59-04:00Microsoft announces there is no major CU release for December 2021. Microsoft typically releases Cumulative Updates quarterly for Exchange Server 2019, 2016, and 2013. There have been a number of critical Security Updates since the latest September 2021 CUs: see KB5007409, KB5007012. For convenience, here are direct links to the Microsoft downloads for the latest [...]
16
11, 2021
Microsoft Exchange Server Security – November 2021 Updates
jeanm2022-06-11T11:37:33-04:00The November 2021 security updates for Exchange Server address vulnerabilities reported by security partners and found through Microsoft’s internal processes. We are aware of limited targeted attacks in the wild using one of vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment. For convenience, [...]
12
10, 2021
Microsoft Exchange Server – October 2021 Exchange Server Security Updates
jeanm2022-06-11T11:48:59-04:00October 2021 Exchange Server Security Updates Microsoft has released security updates for vulnerabilities found in: Exchange Server 2013 CU23 (Exchange 2013 customers might also need to /prepareschema. Please see this post.) Exchange Server 2016 CU21 and CU22 Exchange Server 2019 CU10 and CU11 For full details refer to this article. Summary of updates: Be sure to visit Messageware Security Products for Microsoft Exchange [...]
10
10, 2021
Microsoft Exchange – Messageware Q3 2021 Newsletter
smithanst2022-06-11T11:35:53-04:00This year Hafnium exploited Microsft Exchange vulnerabilities. Other cyberattackers are following suit. But if you're like most organizations, you simply do not have the resources to protect against attackers constantly probing and attempting to access your Exchange Servers. Or do you? Let me explain. Messageware EPG can be your first line of defence against attackers. [...]
24
09, 2021
Brute Force password attack causes massive disruption at hospital
smithanst2023-09-19T10:29:34-04:00Early in the morning, a sudden spike in calls to the helpdesk for password resets and releases swamped IT-support staff at a hospital network. User accounts were under attack and Active Directory lockouts were spreading fast. Together we installed Messageware Exchange Protocol Guard (EPG) to look in detail at Outlook Web and immediately two things [...]
10
09, 2021
Notes From the Field: Government agency stolen passwords bypass 2FA Security
smithanst2023-04-24T06:53:38-04:00The UK's National Cyber Security Centre (NCSC) is warning that criminals are looking to exploit the trend toward home office (Coronavirus) to conduct cyberattacks and hacking campaigns. These ‘phishing’ attempts have been seen in several countries and can lead to significant losses: financial, reputational, and sensitive data. And no one is immune —as you'll read [...]
24
08, 2021
Bots Automatically Target Credit Union’s Exchange Servers With Password Spray Attacks
smithanst2023-09-21T03:01:29-04:00Exchange Server Hacks: Notes From The Field Summary: In this article we look at how bots targeting a credit union's Exchange Servers with password spray attacks caused AD account lockouts. Cybersecurity is a top concern for everyone in the banking and financial sectors, and credit unions are no exception. The speed at which bots discover [...]
20
07, 2021
Microsoft Exchange – Messageware Q2 2021 Newsletter
jeanm2023-08-29T03:09:48-04:00The first half of 2021 has been a very challenging period for everyone with Microsoft Exchange Servers. Numerous zero-day attacks and hackers adjusting published code to work-around emergency patches stretched messaging team resources to the limit. Of interest during this period was the increased recognition that we want to know more about what is affecting [...]
17
07, 2021
Exchange Protocol Guard – Software Release – EPG 3.6.1
jeanm2022-06-11T11:50:52-04:00Software Release - EPG 3.6.1 The following updates are now available now EPG 3.6.1 customers and trial users. Messageware EPG 2019 v3.6.1 Messageware EPG 2016 v3.6.1 Messageware EPG 2013 v3.6.1 Note: Prior to upgrading from 3.5 or earlier, make note of all entries in IP Filtering menu - Allow Lists tab. These IPs will need [...]