-
Exchange Server 2016/2019 end of support - ALI TAJRAN
August 28, 2024 at 10:26:35 PM GMT+2 * - permalink -J'apprends que "Exchange Server Subscription Edition" (SE) va faire son apparition en 2025. Les migrations à la volée vont pleuvoir d'ici là...
- https://www.alitajran.com/exchange-server-2016-2019-end-of-support/
-
Exchange Online to block emails from vulnerable on-prem servers
March 29, 2023 at 1:03:56 PM GMT+2 * - permalink -C'est une petite bombe que lâche Microsoft à mon sens, dont le but probable est de pousser - encore plus - une migration vers les services 365. À surveiller de près.
- https://www.bleepingcomputer.com/news/security/exchange-online-to-block-emails-from-vulnerable-on-prem-servers/
-
Protect Exchange Server OWA/ECP from brute force attacks - ALI TAJRAN
November 1, 2022 at 12:48:20 PM GMT+1 * - permalink -Une implémentation de Google reCAPTCHA sur un Exchange / OWA pour bloquer les bruteforce, l'idée est pas conne.
- https://www.alitajran.com/protect-exchange-owa-ecp-brute-force-attacks/
-
Microsoft Exchange server zero-day mitigation can be bypassed
October 3, 2022 at 5:21:45 PM GMT+2 * - permalink -Donc la solution de mitigation proposée par Microsoft peut finalement être facilement contournée, super...
Edit, la suite: https://www.bleepingcomputer.com/news/security/microsoft-updates-mitigation-for-proxynotshell-exchange-zero-days/
Edit 2, le tuto: https://www.alitajran.com/0-day-vulnerability-microsoft-exchange/#h-mitigate-cve-2022-41082
- https://www.bleepingcomputer.com/news/security/microsoft-exchange-server-zero-day-mitigation-can-be-bypassed/
-
Microsoft confirme : La prochaine version d'Exchange Server ne sortira pas avant 2025 - ZDNet
June 9, 2022 at 5:20:41 PM GMT+2 * - permalink -Même si Exchange est une passoire, Microsoft continuera de le proposer on-prem et prévoit de passer plus de temps à le blinder: on ne peut pas les blâmer pour cela.
- https://www.zdnet.fr/actualites/microsoft-confirme-la-prochaine-version-d-exchange-server-ne-sortira-pas-avant-2025-39942924.htm
-
Microsoft March 2022 Patch Tuesday fixes 71 flaws, 3 zero-days
March 10, 2022 at 5:39:06 PM GMT+1 * - permalink -Oh, une faille dans Exchange ça faisait longtemps (non) ! C'est le 2e shaarlink "patching".
- https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2022-patch-tuesday-fixes-71-flaws-3-zero-days/
-
January Updates ReFS became RAW for Database Volumes : exchangeserver
February 22, 2022 at 10:32:19 PM GMT+1 * - permalink -Si toi aussi tu gères un Exchange 2016 sous VMWare et que les updates Windows ont bousillé tes volumes ReFS: https://kb.vmware.com/s/article/1012225?lang=en_us
- From a web browser, connect to the vSphere Web Client.
- Log in with Administrator credentials.
- Navigate to the virtual machine you want to modify.
- Power off the virtual machine.
- Right-click the virtual machine and select Edit Settings.
- Click the VM Options tab.
- Click Advanced > Edit Configuration.
- Either select Add Row, or enter the values directly into the provided fields at the bottom.
- Insert a new row with the name devices.hotplug and a value of false.
- Power on the virtual machine.
J'allais commencer à désinstaller les updates, ce paramètre m'a fait gagner un temps infini.
- https://www.reddit.com/r/exchangeserver/comments/s1y5pw/january_updates_refs_became_raw_for_database/huldlko/?context=3
-
Microsoft releases emergency fix for Exchange year 2022 bug
January 3, 2022 at 6:47:37 PM GMT+1 * - permalink -Microsoft vous souhaite bonne année, remplie d'emmerdes en tout genre ! :)
- https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-fix-for-exchange-year-2022-bug/
-
New Microsoft Exchange service mitigates high-risk bugs automatically
September 29, 2021 at 7:00:12 PM GMT+2 * - permalink -Un service qui en désactive d'autres dans ton dos, même pour "atténuer des failles critiques" ? Nope, à désactiver !
- https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-service-mitigates-high-risk-bugs-automatically/
-
Microsoft Exchange protocol can leak credentials • The Register
September 22, 2021 at 5:28:09 PM GMT+2 * - permalink -En gros, si "autodiscover.example.com" ne répond pas, Outlook va chercher sur "autodiscover.com".
Le souci, c'est que c'est deux noms de domaine différents, et que les credentials passent en clair selon l'article.- https://www.theregister.com/2021/09/22/microsoft_exchange_autodiscover_protocol_found/
-
Microsoft Exchange servers being hacked by new LockFile ransomware
August 23, 2021 at 5:31:09 PM GMT+2 * - permalink -Si vous n'avez toujours pas patché Exchange, faites-le. C'est le moment.
- https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-being-hacked-by-new-lockfile-ransomware/
-
How to monitor Exchange 2016/2013 by using Managed Availability
August 13, 2021 at 9:10:56 AM GMT+2 * - permalink -Pour aller plus loin dans le debug Exchange.
- https://www.codetwo.com/admins-blog/managed-availability-in-exchange-2013/
-
Announcing General Availability of the new Exchange admin center - Microsoft Tech Community
May 17, 2021 at 9:44:10 PM GMT+2 * - permalink -Nouvel EAC d'Exchange.
- https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-the-new-exchange-admin-center/ba-p/2283004
-
FBI nuked web shells from hacked Exchange Servers without telling owners
April 14, 2021 at 9:48:54 PM GMT+2 * - permalink -Ah ouais quand même, le FBI est allé jusqu'à "patcher" les serveur Exchange hackés aux USA, SANS en avertir les propriétaires ! Oo
Ça semble logique -de leur point de vue- car le problème devient politique à ce niveau.- https://www.bleepingcomputer.com/news/security/fbi-nuked-web-shells-from-hacked-exchange-servers-without-telling-owners/