Active Directory (AD) is a primary target for attackers due to its central role in enterprise authentication and authorization. Password attacks against AD often represent an initial access vector, potentially leading to more severe compromises. A layered defense approach is necessary for robust protection. This document outlines strategies to defend AD against such attacks. Understanding [...]

Hotfix update for Microsoft Exchange Server 2019 CU15 HU2 was released on May 29, 2025. It includes fixes for nonsecurity issues and introduces new features. These fixes and features will also be included in later cumulative updates for Exchange Server 2019.  Microsoft Exchange Server Build Numbers, Cumulative Updates (CU), Security Updates (SU) and Release Dates Microsoft [...]

Introduction to Exchange Server Subscription Edition Microsoft Exchange Server has been a cornerstone of business communication since its initial release in 1993. As we approach the release of Exchange Server Subscription Edition (SE) in the third quarter of 2025, we're seeing a significant shift in Microsoft's approach to on-premises email and collaboration services. This new [...]

Russia's elite cyber espionage unit, Fancy Bear (APT28), has intensified its sophisticated attacks on Microsoft Exchange servers as part of a broader campaign targeting Western organizations supporting Ukraine. The joint cybersecurity advisory released on May 21, 2025, by 21 international intelligence agencies reveals how the Russian General Staff Main Intelligence Directorate (GRU) military unit 26165 [...]

Defender, ESET, Kaspersky, McAfee, Bitdefender Antivirus on Exchange Server Exchange Server and antivirus software must coexist properly to prevent false positives tie up support staff and cause concern in the IT group. This guide walks through essential configurations and introduces an automated solution to implement them correctly. The Critical Problem When antivirus software locks or [...]

Microsoft has released Hotfix Updates (HUs) that enables support for new functionality and address issues in earlier updates. Exchange Server 2019 Exchange Server 2016 HUs are available for the following specific versions of Exchange Server: Exchange Server 2019 CU14 and 2019 CU15 Exchange Server 2016 CU23 The April 2025 HUs do not contain any new Exchange Server security updates.  Key Updates and [...]

Microsoft has issued a warning about increased attacks on on-premises Exchange Server and SharePoint Server environments. These attacks, observed through April 2025, allow criminals to gain privileged access to networks, execute code remotely, and steal sensitive data. https://twitter.com/MsftSecIntel/status/1913268790504161725 Attack Methods Evolve Attackers now frequently use NTLM relay techniques against Exchange Server. This method exploits weaknesses [...]

Welcome to Q1 2025! Last year ended quietly with no Exchange Server updates since November. The new year promises to be eventful, with significant changes to Exchange Server and Microsoft Windows. We expect major updates and product launches from Microsoft this year. While Microsoft delivers these new product updates, Messageware is focused on continuing to [...]

The highly anticipated Exchange Server 2019 CU15 release has faced unexpected delays beyond its initial January 2025 target. Why the Delay? The postponement stems from two critical factors. First, CU15 incorporates new features as it's designed to be code-equivalent to the upcoming Exchange Subscription Edition (SE) RTM. Second, Microsoft's Technology Adoption Program (TAP) testing revealed issues [...]

Microsoft Exchange Server 2016 and 2019 are approaching a critical milestone, with both versions reaching their end of extended support on October 14, 2025. While existing installations will continue to function after this date, Microsoft has emphasized the importance of planning ahead, stating "Customer installations of Exchange 2016 and Exchange 2019 will of course continue [...]

In the past five years, Microsoft Exchange Server has weathered some of the most sophisticated and damaging cyberattacks in recent history. From the devastating Hafnium campaign that compromised over 250,000 servers globally to the stealthy ProxyLogon discovery, and the Storm-0558 intrusion that breached high-level government communications. These attacks have fundamentally changed how organizations approach email [...]

Microsoft announced they have pushed back the release of the final Cumulative Update (CU15) for Exchange Server 2019 to early January 2025. Key Points CU15, originally planned for H2 2024, will now be released as the H1 2025 CU1. This delay follows a pattern of end-of-year postponements, as similar delays occurred in 2022 and 2023. [...]

Announcing Z-Day Guard V2 with multi-server dashboards and health reports, simplifying detection and response to zero-day vulnerabilities and cyberattacks. TORONTO - Dec. 10, 2024 - PRLog -- Messageware Incorporated, a leader in advanced server security solutions, has announced the release of Z-Day Guard V2.0, the latest version of its cutting-edge cybersecurity product for Windows and Exchange Servers. Building on its robust capabilities, [...]

Microsoft has re-released the November 2024 SUs for Exchange Server. The original release of these SUs (released on 11/12/2024) introduced an issue with Exchange Server transport rules stopping after a certain amount of time in some environments. The re-released SUs resolve this issue. To help you understand how to move forward, refer to this post. [...]

Season’s Greetings from all of us as Thanksgiving and Christmas approach. And, as 2024 comes to a close, it’s the perfect time to focus on end-of-year security preparations. Ensure your systems are protected by implementing our automated security solutions for the holiday season. Messageware Z-Day Guard for Microsoft Servers 15 minute Security Challenge: Get Protected [...]

AD account lockouts can be disruptive and frustrating for users, support staff, and administrators. However, they play a crucial role in security by preventing password guessing through repeated login attempts, such as brute force attacks. Without the protection provided by account lockouts, passwords could eventually be compromised, leading to unauthorized access. This step-by-step guide will [...]

Active Directory (AD) and Azure Active Directory (AAD) are critical components for IT infrastructure: responsible for everything user account based from managing employee onboarding and offboarding, access permissions, network resources, and devices. Due to AD’s crucial role, cyber attacks cause significant disruptions, leading to operational and business outages and losses. As a result of one [...]

The Iranian state-sponsored hacking group known as APT34, also called OilRig or Earth Simnavaz, has recently intensified its cyber espionage activities, targeting government and critical infrastructure entities in the United Arab Emirates and the broader Gulf region. This escalation involves sophisticated tactics and the exploitation of newly discovered vulnerabilities, demonstrating the group's evolving capabilities and [...]

In this quarter's newsletter, we'll dive into the latest cybersecurity news, Microsoft releases, and exciting new Z-Day Guard v1.5 security features for servers. Messageware Z-Day Guard for Microsoft Servers 15 minute Security Challenge: Are Your Servers Properly Monitored? Take just 15 minutes to try Messageware's Z-Day Guard on a Windows or Exchange Server. Z-Day Guard offers [...]

Microsoft has announced significant changes to the Exchange Server roadmap, introducing Exchange Server Subscription Edition (SE) as the next major release. This update brings important implications for organizations currently running Exchange Server 2013 and 2016. Key Points Exchange Server SE will be available for download in early Q3 2025. Exchange 2013 and 2016 will no [...]