Microsoft has released security updates for Exchange 2013, Exchange 2016, and Exchange 2019 to fix some remote code execution vulnerabilities. It's time to update your on-premises servers again, including those used for hybrid management. Let's not give those nasty hackers any easy targets to attack.
On the show this week, Steve and Paul discuss Teams version 2.0 - and take a deep dive into why the new version will perform better. Justin Morris from Microsoft joins us with expert, real-world advice on Teams Rooms, we discuss Exchange updates (with new features!), Windows 11 planning guidance, plus find out the key features rolling out to your tenant now.
If you prefer to run Exchange Server setup for new installations or cumulative updates using the GUI rather than the command line, then you aren’t alone, and if you are finally getting round to removing an Exchange Server 2010 or 2013 Hybrid and replacing it with Exchange Server 2016, then it’s better late than never. […]
Microsoft has delayed the release of the June 2021 cumulative updates for Exchange Server for two weeks to integrate the Windows Antimalware Scan interface (AMSI). The change will allow Exchange 2016 and Exchange 2019 servers running on Windows Server 2016 or later to integrate antimalware engines to check HTTP requests for potential problems. If ever there was good reason to delay an update, this is it.
9 Comments
The New-DistributionGroup cmdlet has been in Exchange since 2006. It creates a new distribution list that is easily populated with a few commands. Although Microsoft might like everyone to use the new-fangled Microsoft 365 Groups, the fact remains that distribution lists are very useful. So much so that many millions are still in active use. In this article, we explore how to create new standard and dynamic distribution lists with PowerShell.
Microsoft has released security patches to address four new remote code vulnerabilities in Exchange 2013,2016, and 2019. At the same time, the FBI has removed web shells from compromised servers, but only in the U.S. Now more than ever it is essential that Exchange Server administrators apply all available patches and make sure that their servers have no lingering surprises left behind by attackers.
Hybrid hasn't changed much - but everything around it has. Over the last few years small changes to the way people deploy Microsoft 365 along with bigger shifts in the way your secure Microsoft 365 mean your old assumptions about Exchange Online migrations have to change. Has SharePoint become the go-to technology in Microsoft 365? Has HAFNIUM made publishing Exchange for Hybrid migrations more difficult? And how can MFA impact your once seamless migrations?
Microsoft Exchange and security experts answer the top seven questions around compromise and mitigation for the HAFNIUM Exchange Server 2010, 2013, 2016, and 2019 exploits. The Q&A was pulled from an intense, hour-long panel discussion that covers this topic in-depth.
Microsoft wants you to know that patching the four critical security flaws in Microsoft Exchange Server does not remediate existing compromised systems. Organizations need to patch, and then they need to investigate and, if compromised, stop the attack. Exchange Server Microsoft Certified Master and MVP Jeff Guillet, Microsoft Certified Solutions Master and MVP Michael Van Horenbeeck (a.k.a. Mr. Van Hybrid), Microsoft MVP Paul Robichaux, and CISSP and Quest Software solutions expert Bryan Patton answer questions during the panel discussion on March 12.
Microsoft's Exchange Server woes continued when the online copy of the Hybrid Configuration Wizard was hijacked and replaced by a text file. The problem is now fixed, but it underlines the need for vigilance in all parts of the Microsoft 365 ecosystem.
The Hafnium attack on thousands of on-premises Exchange servers is a wake-up call for their administrators and the organizations using the email service. Ten years ago, it was a reasonable decision to stay on-premises. Five years ago, you could argue the same case and companies with bad network connectivity to the internet or specific security requirements were happy to stay on-premises. Now? In a world of increasing threat, staying on-premises looks a lot more risky. For most, it's time to move to the cloud.
Microsoft has issued critical security updates for Exchange on-premises servers. The fixes close off four known vulnerabilities which expose Exchange to day-zero attacks. It's important to apply these updates ASAP.
