In the summer of 2023, Microsoft faced a major cybersecurity crisis when Chinese state-sponsored hackers managed to breach the email accounts of several U.S. government officials and organizations through Microsoft's Exchange Online software. The incident, which affected over 500 individuals and 22 organizations, has been described as a "cascade of security failures" by the U.S. [...]
If you're a Windows administrator, you might want to hold off on installing the latest March 2024 Windows Server updates. Widespread reports have surfaced of domain controllers crashing and restarting after applying these updates, causing headaches for IT professionals and disruptions for businesses. The Culprit: LSASS Memory Leak The root of the problem appears to [...]
Description of Security Update 5 for Exchange Server 2019: March 12, 2024 (KB5036402) The March 2024 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your [...]
Tens of thousands of Microsoft Exchange servers worldwide could be vulnerable to a recently disclosed zero-day privilege escalation vulnerability that is already being actively exploited by threat actors. The vulnerability, tracked as CVE-2024-21410, allows a remote, unauthenticated attacker to relay a user's Windows NT LAN Manager (NTLM) credentials or "hashes" to impersonate legitimate users on [...]
2024 H1 Cumulative Update for Exchange Server Microsoft announced the availability of the 2024 H1 Cumulative Update (CU) for Exchange Server 2019 (aka CU14). CU14 includes fixes for customer reported issues, a security change, and all previously released Security Updates (SUs). FEATURED PRODUCT Z-Day Guard for Servers Next generation threat hunting for zero-day attacks on [...]
Feb 13, 2024, users connecting to Exchange Online with the latest version of Outlook Desktop are being impacted, as reported today by Petri and Windows Report news sites. The issue has been occurring since early February and is under investigation by Microsoft. The ActiveSync issues are specific to those with 365 Exchange Online, and those [...]
CVE-2024-21410 is a critical security vulnerability in Microsoft Exchange Server with a CVSS severity score of 9.8. The vulnerability allows attackers to perform privilege escalation attacks by exploiting NTLM credential leaking in clients like Outlook. Key Details Attack Method: An attacker targets NTLM clients (like Outlook) to leak credentials, which can then be relayed against [...]
On January 19th, Microsoft disclosed that a group of Russian state-sponsored hackers, known as Nobelium or Midnight Blizzard, infiltrated its corporate systems and accessed sensitive emails from members of its leadership team. New details have now emerged explaining how the attackers gained entry and what they were after. The initial breach occurred in late November [...]
October has been a busy month of changes for Exchange Online users. This article summarizes recent updates and announcements from Microsoft on the Exchange Team Blog. 1) Farewell to Remote PowerShell in Exchange Online Earlier this year, Microsoft officially depreciated the Remote PowerShell Protocol (RPS) in Exchange Online. This month, RPS is no longer available [...]
Great news - Messageware has reached a significant milestone in its journey. Our software is now used in an impressive 55 countries worldwide! Our dedicated team of experts continuously improve our Microsoft Exchange Server security software to stay ahead of ever-evolving cyber threats. We’re proud of our growing client base: 2500+ enterprises in all industries; [...]
ProxyShell and ProxyLogon are two high severity exploits against Microsoft Exchange Servers discovered in 2021. Both vulnerabilities enable threat actors to perform remote code execution on vulnerable systems. A year later, another easily exploitable vulnerability named ProxyNotShell is threatening unpatched Exchange Servers. Here's a great article we recommend you read: Microsoft Exchange ProxyNotShell vulnerability explained [...]
Microsoft has just launched a quarterly cyber threat intelligence brief branded Cyber Signals. The new publication offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and strategies used by the world’s most prolific threat actors. Cyber Signals is aimed at Chief Information Security Officers, Chief Information Officers, Chief Privacy Officers, and their teams, as they continue [...]
As we all ushered in the New Year, a date check failure in Exchange Server 2016 and 2019 made it impossible for Exchange servers to accommodate the year 2022. The bug, dubbed 'the Y2K22 bug' prevented on-premise Microsoft Exchange servers from sending millions of emails. Fortunately, Microsoft was quick to act and has released an [...]
Messageware’s Exchange Protocol Guard (EPG) gives organizations peace of mind that their key messaging protocols are protected. Toronto – Jan 23, 2020: Messageware, Inc., the leader in Microsoft Exchange security and productivity tools, today announced the release of Messageware Exchange Protocol Guard (EPG). Messageware EPG is unique in that it provides on-premises Microsoft Exchange Servers [...]
Department of Defense (DoD) contractors and suppliers must ensure they are compliant with Defense Federal Acquisition Regulation Supplement (DFARS). What is DFARS? In 2015, the DoD reported that hackers had stolen over 21 million personally identifiable records of government employees, contractors, and their families from The Office of Personnel Management. In response to this incident [...]
In this post, we talk to Matt Singh, Senior Enterprise Account Manager at Messageware. Matt has been working with Messageware clients for over 10-years and has an intimate knowledge of the key challenges they face when migrating users from desktop Outlook to Outlook Web App (OWA), for Office 365 and on-premises users. Here's what he [...]
TORONTO - Oct. 7, 2015 - Messageware www.messageware.com, the world's leading provider of enterprise productivity and security solutions for Microsoft Exchange, today announced the release of seven Messageware software products for Exchange 2016. Organizations that are planning to adopt Exchange 2016 can now implement these essential products. With Messageware 2016, administrators easily apply their corporate security policies and users [...]
Congratulations to the Microsoft Exchange team on the release of Exchange 2016! Exchange Server 2016 brings innovation to a broad set of areas, including individual productivity, team collaboration, and information governance. In the words of Microsoft: “Most of the new features in Exchange Server 2016 were birthed in the cloud and then refined in a [...]
With the launch of the new Outlook Mobile App into the Apple and Android stores, there are a number of new security concerns from the Microsoft Exchange community. Perhaps the gravest concern for those using the new App are that Microsoft stores email credentials in, and transfers company email data through the cloud (initially Amazon [...]
