April is the end of Exchange 2013: Here’s what you need to know

With the end of support looming, you need to plan to replace Exchange Server 2013 in the next few months, but there are more options than just upgrading.
The post April is the end of Exchange 2013: Here’s what you need to know appeared first on T… Continue reading April is the end of Exchange 2013: Here’s what you need to know

CVE-2020-0688 Puts Focus on Exchange On-Premises Vulnerabilities


The revelations that Exchange Server has had a vulnerability in the Exchange Control Panel since Exchange 2010 shocked some. Microsoft has patched CVE-2020-0688, but the problem gives on-premises administrators something to think about as they look to the long-term future of their email service. Staying on-premises is an option, but going to the cloud might be more secure.

The post CVE-2020-0688 Puts Focus on Exchange On-Premises Vulnerabilities appeared first on Petri.

Continue reading CVE-2020-0688 Puts Focus on Exchange On-Premises Vulnerabilities

Exchange and the Turla LightNeuron Attack

Turla, a Russian cyber-espionage group is reported as being behind an attack on Exchange on-premises servers that uses transport agents to capture and process messages for selected users. It’s an interesting attack vector that hasn’t been seen before and raises the question of how often administrators should review transport agents active on their servers.

The post Exchange and the Turla LightNeuron Attack appeared first on Petri.

Continue reading Exchange and the Turla LightNeuron Attack

Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches

Exchange hack problem
Exchange hack problem

The recent exposure of a privilege elevation vulnerability that exists in the control Exchange has over Active Directory and EWS push notifications is fixed by cumulative updates for Exchange 2013, Exchange 2016, and Exchange 2019 and a roll-up update for Exchange 2010 SP3. These changes mark an architectural modification for Exchange, something that Microsoft is loathe to do outside major releases. Install the updates now!

The post Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches appeared first on Petri.

Continue reading Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches

Fixing a Multi-Protocol Exchange Server Vulnerability

Exchange hack problem
Exchange hack problem

No fix is available yet for the Exchange vulnerability reported by Dirk-jan Mollema and described in CVE-2018-8581. Apart from deploying a split permissions model, no out-of-the-box mitigation exists today. Microsoft is working actively to fix the problem and in the meantime, the brains of the Exchange community are hard at work to come up with possible solutions.

The post Fixing a Multi-Protocol Exchange Server Vulnerability appeared first on Petri.

Continue reading Fixing a Multi-Protocol Exchange Server Vulnerability

All Versions of On-Premises Exchange Server Vulnerable to New Attack


A newly-discovered vulnerability in Exchange potentially allows attackers to gain control over Active Directory. Since Exchange 2000, Exchange has been a highly-privileged server that’s tightly connected to Active Directory. Add in some NTLM weakness, Exchange Web Services push notifications, and everything comes together for the bad guys.

The post All Versions of On-Premises Exchange Server Vulnerable to New Attack appeared first on Petri.

Continue reading All Versions of On-Premises Exchange Server Vulnerable to New Attack

Microsoft Migrates Exchange Public Folders to Office 365 Groups

Microsoft has new tools to migrate public folders (the “cockroaches of Exchange”) to Office 365 Groups. Sounds good. The good news is that the tools work, even if they need a lot of manual oversight. ISVs offer tools to do the same job with more automation. The choice is yours!

The post Microsoft Migrates Exchange Public Folders to Office 365 Groups appeared first on Petri.

Continue reading Microsoft Migrates Exchange Public Folders to Office 365 Groups

Microsoft Migrates Exchange Public Folders to Office 365 Groups

Microsoft has new tools to migrate public folders (the “cockroaches of Exchange”) to Office 365 Groups. Sounds good. The good news is that the tools work, even if they need a lot of manual oversight. ISVs offer tools to do the same job with more automation. The choice is yours!

The post Microsoft Migrates Exchange Public Folders to Office 365 Groups appeared first on Petri.

Continue reading Microsoft Migrates Exchange Public Folders to Office 365 Groups

Games Vendors Play with Exchange Hardware Configurations

Hardware vendors publish their solutions for Exchange through the Microsoft ESRP. The only thing is that some of the solutions are illogical and unworkable. In fact, some solutions are simply ridiculous. Sure, you could implement them – but at what cost and what level of reliability. But the solutions get your attention and that’s their purpose.

The post Games Vendors Play with Exchange Hardware Configurations appeared first on Petri.

Continue reading Games Vendors Play with Exchange Hardware Configurations

Exchange Cumulative Updates and Distribution List Upgrades

Exchange Admin Center convert DL

The quarterly cumulative updates for Exchange Server quietly appeared with little fuss this week. Meanwhile, in cloud land, Office 365 continues the crusade to eradicate distribution lists with new bulk conversions to Office 365 Groups.

The post Exchange Cumulative Updates and Distribution List Upgrades appeared first on Petri.

Continue reading Exchange Cumulative Updates and Distribution List Upgrades