A critical zero-day vulnerability in Microsoft SharePoint has triggered widespread cyberattacks across the globe, affecting businesses, government agencies, and educational institutions. The attack exploits a previously unknown security flaw that allows hackers to gain complete control over on-premises SharePoint servers without authentication. Microsoft has now directly attributed these attacks to Chinese state-sponsored hacking groups. Scale [...]

Microsoft has announced an optional 6-month Extended Security Update (ESU) program for Exchange Server 2016 and 2019, providing a temporary bridge for organizations struggling to complete their migrations before the upcoming end-of-support deadline. This program represents Microsoft's response to customer feedback indicating that some organizations need additional time to finalize their transitions to Exchange Subscription [...]

The second week of July 2025 marked a significant disruption in Microsoft's cloud ecosystem, with a cascading series of outages that affected millions of users worldwide. What began as isolated reports of service issues on July 9th quickly escalated into one of the most prolonged and impactful outages in Microsoft 365's history, lasting over 19 [...]

Microsoft Exchange Server Subscription Edition (SE) is now available for general release as of July 1, 2025. This marks a significant shift in how Microsoft delivers and supports its on-premises email server solution. What Exchange Server SE Brings to Organizations Exchange Server SE represents the future of Microsoft's on-premises email platform. The product operates under [...]

Active Directory (AD) is a primary target for attackers due to its central role in enterprise authentication and authorization. Password attacks against AD often represent an initial access vector, potentially leading to more severe compromises. A layered defense approach is necessary for robust protection. This document outlines strategies to defend AD against such attacks. Understanding [...]

Hotfix update for Microsoft Exchange Server 2019 CU15 HU2 was released on May 29, 2025. It includes fixes for nonsecurity issues and introduces new features. These fixes and features will also be included in later cumulative updates for Exchange Server 2019.  Microsoft Exchange Server Build Numbers, Cumulative Updates (CU), Security Updates (SU) and Release Dates Microsoft [...]

Introduction to Exchange Server Subscription Edition Microsoft Exchange Server has been a cornerstone of business communication since its initial release in 1993. As we approach the release of Exchange Server Subscription Edition (SE) in the third quarter of 2025, we're seeing a significant shift in Microsoft's approach to on-premises email and collaboration services. This new [...]

Russia's elite cyber espionage unit, Fancy Bear (APT28), has intensified its sophisticated attacks on Microsoft Exchange servers as part of a broader campaign targeting Western organizations supporting Ukraine. The joint cybersecurity advisory released on May 21, 2025, by 21 international intelligence agencies reveals how the Russian General Staff Main Intelligence Directorate (GRU) military unit 26165 [...]

Defender, ESET, Kaspersky, McAfee, Bitdefender Antivirus on Exchange Server Exchange Server and antivirus software must coexist properly to prevent false positives tie up support staff and cause concern in the IT group. This guide walks through essential configurations and introduces an automated solution to implement them correctly. The Critical Problem When antivirus software locks or [...]

Microsoft has released Hotfix Updates (HUs) that enables support for new functionality and address issues in earlier updates. Exchange Server 2019 Exchange Server 2016 HUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU14 and 2019 CU15 Exchange Server 2016 CU23 The April 2025 HUs do not contain any new Exchange Server security updates.  Key Updates and [...]

Microsoft has issued a warning about increased attacks on on-premises Exchange Server and SharePoint Server environments. These attacks, observed through April 2025, allow criminals to gain privileged access to networks, execute code remotely, and steal sensitive data. https://twitter.com/MsftSecIntel/status/1913268790504161725 Attack Methods Evolve Attackers now frequently use NTLM relay techniques against Exchange Server. This method exploits weaknesses [...]

Welcome to Q1 2025! Last year ended quietly with no Exchange Server updates since November. The new year promises to be eventful, with significant changes to Exchange Server and Microsoft Windows. We expect major updates and product launches from Microsoft this year. While Microsoft delivers these new product updates, Messageware is focused on continuing to [...]

The highly anticipated Exchange Server 2019 CU15 release has faced unexpected delays beyond its initial January 2025 target. Why the Delay? The postponement stems from two critical factors. First, CU15 incorporates new features as it's designed to be code-equivalent to the upcoming Exchange Subscription Edition (SE) RTM. Second, Microsoft's Technology Adoption Program (TAP) testing revealed issues [...]

Microsoft Exchange Server 2016 and 2019 are approaching a critical milestone, with both versions reaching their end of extended support on October 14, 2025. While existing installations will continue to function after this date, Microsoft has emphasized the importance of planning ahead, stating "Customer installations of Exchange 2016 and Exchange 2019 will of course continue [...]

In the past five years, Microsoft Exchange Server has weathered some of the most sophisticated and damaging cyberattacks in recent history. From the devastating Hafnium campaign that compromised over 250,000 servers globally to the stealthy ProxyLogon discovery, and the Storm-0558 intrusion that breached high-level government communications. These attacks have fundamentally changed how organizations approach email [...]

Microsoft announced they have pushed back the release of the final Cumulative Update (CU15) for Exchange Server 2019 to early January 2025. Key Points CU15, originally planned for H2 2024, will now be released as the H1 2025 CU1. This delay follows a pattern of end-of-year postponements, as similar delays occurred in 2022 and 2023. [...]

Announcing Z-Day Guard V2 with multi-server dashboards and health reports, simplifying detection and response to zero-day vulnerabilities and cyberattacks. TORONTO - Dec. 10, 2024 - PRLog -- Messageware Incorporated, a leader in advanced server security solutions, has announced the release of Z-Day Guard V2.0, the latest version of its cutting-edge cybersecurity product for Windows and Exchange Servers. Building on its robust capabilities, [...]

Microsoft has re-released the November 2024 SUs for Exchange Server. The original release of these SUs (released on 11/12/2024) introduced an issue with Exchange Server transport rules stopping after a certain amount of time in some environments. The re-released SUs resolve this issue. To help you understand how to move forward, refer to this post. [...]

Season’s Greetings from all of us as Thanksgiving and Christmas approach. And, as 2024 comes to a close, it’s the perfect time to focus on end-of-year security preparations. Ensure your systems are protected by implementing our automated security solutions for the holiday season. Messageware Z-Day Guard for Microsoft Servers 15 minute Security Challenge: Get Protected [...]

AD account lockouts can be disruptive and frustrating for users, support staff, and administrators. However, they play a crucial role in security by preventing password guessing through repeated login attempts, such as brute force attacks. Without the protection provided by account lockouts, passwords could eventually be compromised, leading to unauthorized access. This step-by-step guide will [...]