Exchange 2010


Exchange Security Hole, Delayed Updates and Basic Authentication End Date Announced

This week brings Exchange Online news regarding Basic Authentication, plus a September cumulative update delay for Exchange Server.

Microsoft Urges Patching Exchange Server To Avoid ProxyShell Attacks

The Exchange team at Microsoft posted an announcement on Wednesday acknowledging "ProxyShell" threats and urging organizations to keep Exchange Server up to date with the latest cumulative updates and security updates.

ProxyShell Exchange Server Flaw Getting Used for Ransomware Attacks

Security researchers are seeing the appearance of LockFile ransomware deployments after attackers gained access to Exchange Server via a so-called "ProxyShell" vulnerability.

Attackers Now Scanning for 'ProxyShell' Vulnerabilities in Exchange Server

Recent scanning for a "Critical" remote code execution vulnerability (CVE-2021-34473) in Exchange Server, dubbed "ProxyShell," has been detected by security researchers.

White House Says China's APT40 Responsible for Exchange Hacks, Ransomware Attacks

The Biden administration released a statement on Monday naming the People's Republic of China as responsible for widespread cyberattacks that notably targeted Exchange Server users.

Microsoft Adds Stop-Gap Tool, but Still Plans To End Exchange Online Basic Authentication

Microsoft on Wednesday announced another update on its plans to end the use of Basic Authentication with the Exchange Online e-mail messaging service.

Exchange Server June Update Getting Delayed To Bolster Security

Microsoft on Friday announced a coming delay in delivering this month's Exchange Server cumulative update (CU), which is being done to improve the security of those e-mail messaging products.

Microsoft's Security Patches for May Address 55 Vulnerabilities

Just four CVEs were described as "Critical" in severity. Also included in the May bunch were patches for 50 "Important" vulnerabilities, plus one deemed "Moderate."

New Exchange Admin Center Management Portal Commercially Released

Microsoft this week announced the "general availability" commercial release of the "new" Exchange Admin Center management portal, a browser-based means for managing Exchange Online environments.

FBI Reached into Exchange Servers To Delete Hafnium Webshells

The U.S. Federal Bureau of Investigation (FBI) has deleted Webshells on Hafnium-compromised Exchange Server installations across the country, and is now sending notices to victim organizations, according to a Tuesday announcement.

April Microsoft Security Patches Released, Bringing More Critical Exchange Server Fixes

Microsoft released security updates for 114 common vulnerabilities and exposures in its software products, while also publishing a supplementary note urging organizations to apply the new April Exchange Server "Critical" patches "as soon as possible."

Using Exchange Mail Flow Rules To Fight Ransomware

A key part of an organization's ransomware-prevention strategy is creating Exchange mail flow rules that take action against messages that are likely to contain ransomware.

Microsoft Offers Exchange Server Webshell Hunting Tips

Microsoft on Thursday published a comprehensive description of the Exchange Server attack methods currently taking advantage of four zero-day flaws in those products, and offered extensive advice.

Exchange Server Hafnium Mitigations Available via Microsoft Defender Antivirus

Microsoft on Thursday clarified that organizations running Exchange Server can get automatic security mitigations against Hafnium attacks via Microsoft Defender Antivirus.

Microsoft Guide Describes Exchange Server Indicator of Compromise Testing Tools

The Microsoft Security Response Center team on Tuesday issued "Guidance for Responders," which provides more advice on how organizations can respond to the recent attacks that are leveraging Exchange Server zero-day flaws.

Subscribe on YouTube

Upcoming Training Events

0 AM
TechMentor @ Microsoft HQ
August 11-15, 2025