Tag Archives: Exchange

Exchange 2016/2019: Nov. 2024 SU v2 also with bug

[German]Microsoft is not really having a good run with its security updates for Exchange Server 2016 and Exchange Server 2019. The version of the security updates released on November 12, 2024 had to be withdrawn due to a bug. Version … Continue reading

Posted in issue, Software | Tagged , | Leave a comment

Exchange 2016/2019 now warns against exploiting the spoofing vulnerability CVE-2024-49040 in emails

[German]Microsoft's November 2024 security updates for Exchange, has added a new feature to its Exchange 2016 and Exchange 2019 servers. Microsoft Exchange now warns when receiving emails that exploit a spoofing vulnerability (Exchange Server non-RFC compliant P2 FROM header detection … Continue reading

Posted in Security, Software, Update | Tagged , , , | Leave a comment

Exchange Server: November 2024 security updates pulled

[German]Disaster for administrators of Microsoft Exchange Server 2016 and 2019 systems who have installed the security updates from November 12, 2024. The transport rules no longer work after applying the November 2024 security update. Microsoft has now stopped the deployment … Continue reading

Posted in issue, Security, Software, Update | Tagged , , , | Leave a comment

Microsoft Exchange Server Updates November 12, 2024

[German]Microsoft has released security updates (SU) for Exchange Server 2016 and 2019 on November 12, 2024. These updates close vulnerabilities found by Microsoft or security partners in Exchange Server. Below is an overview of which updates are available for Exchange … Continue reading

Posted in Security, Software, Update | Tagged , , | Leave a comment

Outlook to Exchange auto-discovery and the duplicate .com.com domain

[German]I'm posting a curious reader observation here in the blog. It's about the auto-discovery of e-mail recipients in Outlook via the auto-discovery service in Microsoft Exchange. One reader noticed a crude problem in this context. Someone seems to have registered … Continue reading

Posted in Allgemein, Security, Software | Tagged , , | Leave a comment

HornetSecurity quarantines Microsoft Exchange emails (July 2, 2024)

[German]A information to the administrators among the blog readership who use HornetSecurity to filter mails (e.g. in Microsoft Exchange). A reader informed me that the mails in question (for Exchange) have been quarantined. On the HornetSecurity status page there is … Continue reading

Posted in Cloud, Security, Software | Tagged , , | 1 Comment

Microsoft Exchange Server: Keylogger steals credentials from government organizations worldwide

[German]Security researchers have discovered a keylogger that infects government organizations worldwide, as well as banks and other institutions via Microsoft Exchange Server. The keylogger was found after an infection on the main page of a customer's Exchange Server. The purpose … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Microsoft has fixed an Exchange EWS issue from March 14, 2024 on Macs

[German]A small addendum from this week. A reader emailed me a few days ago to say that there was a problem with Microsoft Exchange in connection with a mail client with EWS. According to the reader's observations, this has been … Continue reading

Posted in issue, macOS | Tagged , , | Leave a comment

More than 28,500 Exchange servers vulnerable via CVE-2024-21410; more software affected?

[German]Since February 13, 2024, a vulnerability CVE-2024-21410 has been known, through which attackers can access NTLM hashes via Microsoft Exchange Server and then misuse them for NTLM relay or pass-the-hash attacks. I have now read that more than 28,500 Exchange … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Follow-up on CU 14 for Exchange 2019 and vulnerability CVE-2024-21410 (Feb. 2024)

[German]On February 13, 2024, a critical vulnerability CVE-2024-21410 in Microsoft Exchange Server became public. The Elevation of Privilege vulnerability has a CVEv3 score of 9.8 and is likely to be exploited (soon). Security authorities are warning about this vulnerability. However, … Continue reading

Posted in Security, Software | Tagged , , | Leave a comment