Exchange Server Archives – Gridinsoft Blog
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Thu, 30 May 2024 18:05:38 +0000

New feature in Exchange Server will apply fixes automatically
https://gridinsoft.com/blogs/new-feature-in-exchange-server-will-apply-fixes/
Tue, 28 Sep 2021 21:46:35 +0000

Microsoft has added a new feature to Exchange Server that will automatically take action to remediate high-risk vulnerabilities (most likely already exploited by hackers).

This should protect Exchange servers from attacks and give administrators more time to install full-fledged patches when Microsoft releases them. The fact is that zero-day vulnerabilities in Microsoft Exchange have recently been regularly exploited by “government hackers”, as well as by groups pursuing financial gain.

For example, I recently wrote about the US and UK accusing China of attacks on Microsoft Exchange servers. Moreover, Sophos experts have discovered the Epsilon Red ransomware, which exploits vulnerabilities in Microsoft Exchange servers to attack other machines on the network.

The new functionality is called Microsoft Exchange Emergency Mitigation (EM) and is based on the Exchange On-premises Mitigation Tool (EOMT), released in March this year to help identify and fix ProxyLogon problems.

EM runs as a Windows service on Exchange Mailbox servers and will be automatically installed on Exchange Server 2016 and Exchange Server 2019 mailbox servers after the September 2021 cumulative update (or newer) is deployed. Administrators can disable EM if they don’t want Microsoft to automatically apply security measures to their servers.

The new functionality will detect Exchange servers that are vulnerable to one or more known issues and automatically apply temporary mitigation measures to them (until administrators can apply full patches).

So far EM offers three types of protection:

  • blocking certain patterns of malicious HTTP requests that could compromise the Exchange server with a custom rule;
  • disabling the vulnerable service on the Exchange server;
  • disabling the vulnerable application pool on the Exchange server.

“The new service will not replace the installation of security updates on Exchange Server, but it is the fastest and easiest way to mitigate the highest risks to Internet-connected on-premises Exchange servers before installing the appropriate patches,” the developers write.

Let me also remind you that I talked about the fact that hackers attacked Microsoft Exchange servers on behalf of Brian Krebs.

Microsoft patches 117 vulnerabilities, including 9 zero-day vulnerabilities
https://gridinsoft.com/blogs/microsoft-patches-117-vulnerabilities/
Wed, 14 Jul 2021 13:54:04 +0000

As part of July Patch Tuesday, Microsoft released patches for 117 vulnerabilities, 13 of which were classified as critical. That makes the July set of patches twice as large as the May and June Patch Tuesdays combined.

This time, bugs were fixed in products such as Microsoft Office, SharePoint, Excel, Microsoft Exchange Server, Windows Defender, Windows kernel, Windows SMB, and so on.

Of these, 44 vulnerabilities allowed remote code execution, 32 privilege escalation, 14 information disclosure, 12 denial of service, 8 bypassing various security features, and another 7 spoofing.

In addition, this month the company fixed nine zero-day vulnerabilities at once, four of which have already been used for attacks. The following 0-day issues have been fixed, but hackers haven’t used them yet:

  • CVE-2021-34492: certificate spoofing vulnerability in Windows;
  • CVE-2021-34523: privilege escalation vulnerability in Microsoft Exchange Server;
  • CVE-2021-34473: remote code execution vulnerability in Microsoft Exchange Server;
  • CVE-2021-33779: Windows ADFS security feature bypass vulnerability;
  • CVE-2021-33781: Active Directory security feature bypass vulnerability.

As for the bugs that hackers have already adopted, one of them is the PrintNightmare problem (CVE-2021-34527), which I described in detail earlier.

By the way, I also reported that Microsoft declares that the PrintNightmare patch works correctly.

The other three vulnerabilities under active attack, none of which were previously known, are:

  • CVE-2021-33771: Windows kernel privilege escalation vulnerability;
  • CVE-2021-34448: scripting engine memory corruption vulnerability;
  • CVE-2021-31979: Windows kernel privilege escalation vulnerability.

Along with Microsoft, other companies have released updates to their products this week.

Let me remind you that a month ago Microsoft specialists also fixed six 0-day vulnerabilities in Windows, including an issue used in a commercial exploit.

Microsoft recommends Exchange administrators to disable SMBv1
https://gridinsoft.com/blogs/microsoft-recommends-exchange-administrators-to-disable-smbv1/
Thu, 13 Feb 2020 16:45:01 +0000

Microsoft strongly recommends administrators disable the SMBv1 protocol on Exchange servers to protect against threats that exploit its vulnerabilities.

Let me remind you that Microsoft has been systematically phasing out the outdated SMBv1 for a long time. Since 2016, the company has advised administrators to drop SMBv1 support, because this version of the protocol is almost 30 years old and lacks the security improvements that were added in later versions.

Security enhancements include encryption, integrity checks before authentication to prevent man-in-the-middle (MiTM) attacks, blocking insecure guest authentication, and more.

“To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server. There is no need to run the nearly 30-year-old SMBv1 protocol when Exchange 2013/2016/2019 is installed on your system. SMBv1 isn’t safe and you lose key protections offered by later SMB protocol versions,” Microsoft recommends.

Now the Exchange Team has once again reminded administrators of the insecurity of SMBv1, because various malware still actively abuses it. SMB vulnerabilities are exploited by EternalBlue and EternalRomance, as well as by TrickBot, Emotet, WannaCry, Retefe, NotPetya, Olympic Destroyer, and others. In addition, known SMB problems can be used to spread an infection to other machines, perform destructive operations, and steal credentials.

In this regard, Microsoft experts strongly recommend disabling the obsolete version of SMB on Exchange 2013/2016/2019 servers.

“Before disabling SMBv1, you should make sure you use a correctly configured and supported DAG witness server which supports at least SMBv2. You should make sure that the witness server is running a supported version of Windows Server, which is Windows Server 2012/2012R2/2016 or 2019,” Microsoft recommends.

The company says it has not tested whether Exchange 2010 works correctly with SMBv1 disabled, and advises Exchange 2010 users to upgrade to Office 365 or a newer version of Exchange Server.

This week, as part of Patch Tuesday, Microsoft fixed 99 bugs in its products, including the much-discussed 0-day in Internet Explorer; at the same time, the discontinuation of support for old products is drawing a very mixed reaction from users.
