Microsoft Exchange
Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs
Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. Emergency mitigations (also known as EEMS mitigations) are delivered via the Exchange Emergency Mitigation Service(EEMS), introduced three years ago in September 2021. EEMS automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws […]
Microsoft: Exchange 2016 and 2019 reach end of support in October
Microsoft has reminded admins that Exchange 2016 and Exchange 2019 will reach the end of extended support in October and shared guidance for those who need to decommission outdated servers. Exchange 2016 reached its mainstream end date in October 2020, while Exchange 2019 reached the end of mainstream support on January 9, 2024. “On October 14, 2025, 9 months […]
Microsoft pulls Exchange security updates over mail delivery issues
Microsoft has pulled the November 2024 Exchange security updates released during this month’s Patch Tuesday because of email delivery issues on servers using custom mail flow rules. The company announced it pulled the updates from Windows Update and the Download Center following widespread reports from admins saying that email had stopped flowing altogether. This issue affects customers using transport rules (also known […]
Microsoft Exchange adds warning to emails abusing spoofing flaw
Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. The security flaw (CVE-2024-49040) impacts Exchange Server 2016 and 2019, and was discovered by Solidlab security researcher Vsevolod Kokorin, who reported it to Microsoft earlier this year. “The problem is that […]
Iranian hackers now exploit Windows flaw to elevate privileges
The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. In these attacks, spotted by Trend Micro researchers, OilRig deployed a novel backdoor, targeting Microsoft Exchange servers to steal credentials, and also exploited the Windows […]