Decision Point: Exchange 2016 Exits Mainstream Support Soon

Exchange 2016 Lifecycle
Exchange 2016 Lifecycle

Put October 13 In Your Diary Time passes and products age, except in the cloud where renewal is an ongoing process. For Exchange Server 2016, Microsoft is keen for you to know that it reaches the end of mainstream support on October 13, 2020. Extended support for Exchange 2016 ceases on October 14, 2025. Exiting […]

The post Decision Point: Exchange 2016 Exits Mainstream Support Soon appeared first on Petri.

Continue reading Decision Point: Exchange 2016 Exits Mainstream Support Soon

CVE-2020-0688 Puts Focus on Exchange On-Premises Vulnerabilities


The revelations that Exchange Server has had a vulnerability in the Exchange Control Panel since Exchange 2010 shocked some. Microsoft has patched CVE-2020-0688, but the problem gives on-premises administrators something to think about as they look to the long-term future of their email service. Staying on-premises is an option, but going to the cloud might be more secure.

The post CVE-2020-0688 Puts Focus on Exchange On-Premises Vulnerabilities appeared first on Petri.

Continue reading CVE-2020-0688 Puts Focus on Exchange On-Premises Vulnerabilities

Exchange and the Turla LightNeuron Attack

Turla, a Russian cyber-espionage group is reported as being behind an attack on Exchange on-premises servers that uses transport agents to capture and process messages for selected users. It’s an interesting attack vector that hasn’t been seen before and raises the question of how often administrators should review transport agents active on their servers.

The post Exchange and the Turla LightNeuron Attack appeared first on Petri.

Continue reading Exchange and the Turla LightNeuron Attack

Stick or Stay: Should I Upgrade to Exchange 2019?


Exchange 2019 has been around for six months. It’s a good time to consider if on-premises organizations should upgrade or stick with the version of Exchange they run today. Exchange 2019 is a solid release, even if Microsoft’s engineering efforts are largely focused on the cloud these days. Of course, moving to Exchange Online is an option too, but perhaps not for the dedicated on-premises deployments.

The post Stick or Stay: Should I Upgrade to Exchange 2019? appeared first on Petri.

Continue reading Stick or Stay: Should I Upgrade to Exchange 2019?

Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches

Exchange hack problem
Exchange hack problem

The recent exposure of a privilege elevation vulnerability that exists in the control Exchange has over Active Directory and EWS push notifications is fixed by cumulative updates for Exchange 2013, Exchange 2016, and Exchange 2019 and a roll-up update for Exchange 2010 SP3. These changes mark an architectural modification for Exchange, something that Microsoft is loathe to do outside major releases. Install the updates now!

The post Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches appeared first on Petri.

Continue reading Exchange Privilege Elevation Vulnerability Addressed by Microsoft Patches

Fixing a Multi-Protocol Exchange Server Vulnerability

Exchange hack problem
Exchange hack problem

No fix is available yet for the Exchange vulnerability reported by Dirk-jan Mollema and described in CVE-2018-8581. Apart from deploying a split permissions model, no out-of-the-box mitigation exists today. Microsoft is working actively to fix the problem and in the meantime, the brains of the Exchange community are hard at work to come up with possible solutions.

The post Fixing a Multi-Protocol Exchange Server Vulnerability appeared first on Petri.

Continue reading Fixing a Multi-Protocol Exchange Server Vulnerability

All Versions of On-Premises Exchange Server Vulnerable to New Attack


A newly-discovered vulnerability in Exchange potentially allows attackers to gain control over Active Directory. Since Exchange 2000, Exchange has been a highly-privileged server that’s tightly connected to Active Directory. Add in some NTLM weakness, Exchange Web Services push notifications, and everything comes together for the bad guys.

The post All Versions of On-Premises Exchange Server Vulnerable to New Attack appeared first on Petri.

Continue reading All Versions of On-Premises Exchange Server Vulnerable to New Attack

Choosing the Best Mobile Office 365 Email Client

Companies that move to Office 365 have to decide what mobile email client to use. A native client that uses Exchange ActiveSync (EAS) or Outlook? In the past, the best choice was probably something like the iOS mail app. Now, Outlook is the focus of Microsoft’s mobile efforts and it’s where all the new functionality appears. EAS is still valuable, just less so than it was before.

The post Choosing the Best Mobile Office 365 Email Client appeared first on Petri.

Continue reading Choosing the Best Mobile Office 365 Email Client

iOS 11 and Exchange 2016/Online: Not Kissing Cousins

Apple released iOS 11 and found that the mail app cannot connect to Exchange Online or Exchange 2016. It’s all to do with HTTP2 connections. Apple tries to connect via ActiveSync but doesn’t do so the way that Exchange likes, or something like that. In any case, maybe now’s the time to consider Outlook for iOS.

The post iOS 11 and Exchange 2016/Online: Not Kissing Cousins appeared first on Petri.

Continue reading iOS 11 and Exchange 2016/Online: Not Kissing Cousins