Tag Archives: Exchange

Tianfu Cup 2021: Exchange 2019 and iPhone hacked

[German]I think the developers at Apple and Microsoft – as well as some other software companies – will have their work cut out for them. At the Chinese Tianfu Cup 2021, which is currently (Oct. 16./17. 2021) underway, there was … Continue reading

Posted in devices, ios, Security, Software | Tagged , , , | 1 Comment

Advertising

Security updates for Exchange Server (October 2021)

[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of October 12, 2021. These October updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. … Continue reading

Posted in Security, Software, Update, Windows | Tagged , , , | Leave a comment

Let's Encrypt certificate trouble with Windows, Sophos UTM, macOS/iOS (2021/09/30)

[German]As of September 30, 2021, some root certificates that Let's-Encrypt used to sign user certificates expired. This meant that certain devices or applications could no longer access websites or mail servers. I have seen cases with iOS 14/15 and macOS, … Continue reading

Posted in ios, issue, macOS, Software, Windows | Tagged , , , , | 5 Comments

Advertising

Exchange Server September 2021 CU (2021/09/28)

[German]Microsoft has released the Exchange quarterly cumulative updates (CU) for September 2021, effective September 28. The quarterly cumulative updates (CUs) are available for Exchange Server 2016 and Exchange Server 2019. These CUs include fixes for customer-reported issues, all previously released … Continue reading

Posted in Software, Update | Tagged , | Leave a comment

Microsoft tries to register autodiscover domains

[German]After a design error in the Autodiscover protocol used by Microsoft Exchange became public, Microsoft is now rushing to register all Autodiscover domains. This is because clients may leak access data from Exchange accounts to such Autodiscover domains via the … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Advertising

Microsoft Exchange autodiscover design flaw leaks credentials to third party instances

[German]Security researchers at Guardicore have discovered a design flaw in Microsoft Exchange autodiscover protocol that allows attackers to use external autodiscover domains to harvest domain credentials. This is possible because autodiscover domains outside the user's domain (but still in the … Continue reading

Posted in Security, Software, Windows | Tagged , | Leave a comment

Why you may not be able to decommission on-premises Exchange even with cloud solutions

[German]If I understand correctly, many companies are moving towards the cloud. The hope is that once the on-premises Exchange functions are moved to the cloud in Exchange Online, the on-premises solutions will be gone. The other day I came across … Continue reading

Posted in Cloud, Windows | Tagged , , | Leave a comment

Exchange Server: Authentication bypass with ProxyToken

[German]In the April 2021 cumulative updates, Microsoft fixed a vulnerability in its on-premises Exchange servers that allowed attackers to change configuration without authentication. This would have allowed an unauthenticated attacker to change the configuration for mailboxes of arbitrary users. This … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Advertising

Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)

[German]The installation of the latest CUs from July 2021 for Microsoft Exchange Server bricks the ability to update custom attributes in the Exchange Control Panel (ECP). That is what some user reports suggest. This affects different on-premises Exchange versions. Here's … Continue reading

Posted in issue, Software | Tagged , , | Leave a comment

Exchange and ProxyShell: News from Microsoft and security experts

[German]I have reported several times on attacks on unpatched on-premises Exchange servers using the ProxyShell method in the blog. Now Microsoft has commented on this in an article and indicates which systems are at risk. In addition, I have received … Continue reading

Posted in Security | Tagged , | Leave a comment