Tag Archives: Exchange

Outlook to Exchange auto-discovery and the duplicate .com.com domain

[German]I'm posting a curious reader observation here in the blog. It's about the auto-discovery of e-mail recipients in Outlook via the auto-discovery service in Microsoft Exchange. One reader noticed a crude problem in this context. Someone seems to have registered … Continue reading

Posted in Allgemein, Security, Software | Tagged , , | Leave a comment

Advertising

HornetSecurity quarantines Microsoft Exchange emails (July 2, 2024)

[German]A information to the administrators among the blog readership who use HornetSecurity to filter mails (e.g. in Microsoft Exchange). A reader informed me that the mails in question (for Exchange) have been quarantined. On the HornetSecurity status page there is … Continue reading

Posted in Cloud, Security, Software | Tagged , , | 1 Comment

Microsoft Exchange Server: Keylogger steals credentials from government organizations worldwide

[German]Security researchers have discovered a keylogger that infects government organizations worldwide, as well as banks and other institutions via Microsoft Exchange Server. The keylogger was found after an infection on the main page of a customer's Exchange Server. The purpose … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Microsoft has fixed an Exchange EWS issue from March 14, 2024 on Macs

[German]A small addendum from this week. A reader emailed me a few days ago to say that there was a problem with Microsoft Exchange in connection with a mail client with EWS. According to the reader's observations, this has been … Continue reading

Posted in issue, macOS | Tagged , , | Leave a comment

More than 28,500 Exchange servers vulnerable via CVE-2024-21410; more software affected?

[German]Since February 13, 2024, a vulnerability CVE-2024-21410 has been known, through which attackers can access NTLM hashes via Microsoft Exchange Server and then misuse them for NTLM relay or pass-the-hash attacks. I have now read that more than 28,500 Exchange … Continue reading

Posted in Security, Software | Tagged , | Leave a comment
Ad #3

Follow-up on CU 14 for Exchange 2019 and vulnerability CVE-2024-21410 (Feb. 2024)

[German]On February 13, 2024, a critical vulnerability CVE-2024-21410 in Microsoft Exchange Server became public. The Elevation of Privilege vulnerability has a CVEv3 score of 9.8 and is likely to be exploited (soon). Security authorities are warning about this vulnerability. However, … Continue reading

Posted in Security, Software | Tagged , , | Leave a comment

Advertising

Exchange Server Cumulative Update CU 14 (February 13, 2024)

[German]Microsoft has released the cumulative update CU 2024 H1 for Exchange Server 2019 on February 13, 2024. This update (CU 14) contains fixes for customer-reported issues, a security change and all previously released security updates (SUs). Advertising

Posted in Security, Software, Update | Tagged , , , | Leave a comment

Microsoft identifies Russian attacker exploiting CVE-2023-23397 in Outlook to access Exchange accounts

[German]CVE-2023-23397 is a vulnerability in Microsoft Outlook that could be exploited in conjunction with Microsoft Exchange servers, which was closed with security updates in March 2023. Microsoft has now identified an attacker based in Russia who is actively exploiting CVE-2023-23397 … Continue reading

Posted in Security, Software | Tagged , , , | Leave a comment

Advertising

20,000 unpatched Exchange servers accessible via the Internet (Dec. 2023)

[German]Looks like we're heading for the next cyberattack disaster. Network scans by security researchers have found around 20,000 Microsoft Exchange servers that are accessible via the internet and vulnerable to remote code attacks. The Exchange servers are located in Asia, … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Exchange Server security updates (November 14, 2023)

[German]Microsoft has released security updates for Exchange Server 2016 and Exchange Server 2019 on November 14, 2023. These security updates close vulnerabilities in this software. The updates should be installed on the systems promptly to close the vulnerabilities in question. … Continue reading

Posted in Security, Software, Update | Tagged , , , | Leave a comment