Tag Archives: Exchange

Microsoft Exchange Server: Keylogger steals credentials from government organizations worldwide

[German]Security researchers have discovered a keylogger that infects government organizations worldwide, as well as banks and other institutions via Microsoft Exchange Server. The keylogger was found after an infection on the main page of a customer's Exchange Server. The purpose … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Advertising

Microsoft has fixed an Exchange EWS issue from March 14, 2024 on Macs

[German]A small addendum from this week. A reader emailed me a few days ago to say that there was a problem with Microsoft Exchange in connection with a mail client with EWS. According to the reader's observations, this has been … Continue reading

Posted in issue, macOS | Tagged , , | Leave a comment

How to find weak passwords in Active Directory and eliminate them with PowerShell

[Sponsored Post]Weak or compromised passwords are a known gateway for attackers. If you are able to identify which users in Active Directory (AD) are threatened by this, then PowerShell can help to remedy it. However, PowerShell scripts cannot eliminate basic AD deficits, other tools are needed for this. More ...

More than 28,500 Exchange servers vulnerable via CVE-2024-21410; more software affected?

[German]Since February 13, 2024, a vulnerability CVE-2024-21410 has been known, through which attackers can access NTLM hashes via Microsoft Exchange Server and then misuse them for NTLM relay or pass-the-hash attacks. I have now read that more than 28,500 Exchange … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Advertising

Follow-up on CU 14 for Exchange 2019 and vulnerability CVE-2024-21410 (Feb. 2024)

[German]On February 13, 2024, a critical vulnerability CVE-2024-21410 in Microsoft Exchange Server became public. The Elevation of Privilege vulnerability has a CVEv3 score of 9.8 and is likely to be exploited (soon). Security authorities are warning about this vulnerability. However, … Continue reading

Posted in Security, Software | Tagged , , | Leave a comment

Exchange Server Cumulative Update CU 14 (February 13, 2024)

[German]Microsoft has released the cumulative update CU 2024 H1 for Exchange Server 2019 on February 13, 2024. This update (CU 14) contains fixes for customer-reported issues, a security change and all previously released security updates (SUs). Advertising

Posted in Security, Software, Update | Tagged , , , | Leave a comment

Advertising

Microsoft identifies Russian attacker exploiting CVE-2023-23397 in Outlook to access Exchange accounts

[German]CVE-2023-23397 is a vulnerability in Microsoft Outlook that could be exploited in conjunction with Microsoft Exchange servers, which was closed with security updates in March 2023. Microsoft has now identified an attacker based in Russia who is actively exploiting CVE-2023-23397 … Continue reading

Posted in Security, Software | Tagged , , , | Leave a comment

20,000 unpatched Exchange servers accessible via the Internet (Dec. 2023)

[German]Looks like we're heading for the next cyberattack disaster. Network scans by security researchers have found around 20,000 Microsoft Exchange servers that are accessible via the internet and vulnerable to remote code attacks. The Exchange servers are located in Asia, … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Exchange Server security updates (November 14, 2023)

[German]Microsoft has released security updates for Exchange Server 2016 and Exchange Server 2019 on November 14, 2023. These security updates close vulnerabilities in this software. The updates should be installed on the systems promptly to close the vulnerabilities in question. … Continue reading

Posted in Security, Software, Update | Tagged , , , | Leave a comment

Advertising

Microsoft Exchange: Four 0-day Exchange vulnerabilities allows RCE attacs and data thief

[English]Trend Micro's Zero Day Initiative (ZDI) has just published four unpatched vulnerabilities (so-called 0-Days) in Microsoft Exchange. These were reported to Microsoft in September 2023 and ZDI classifies them with CVSS scores of 7.1 to 7.5. Microsoft's security experts do … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Microsoft Exchange Server October 2023 Patchday issues

[German]As of October 10, 2023, Microsoft has indeed released security updates (SU) for on-premises Exchange Server 2016 / 2019. These pick up the August 2023 patches, but may cause problems with Exchange installations. For example, there may be installation error … Continue reading

Posted in issue, Software | Tagged , | Leave a comment