Microsoft Exchange Servers are a high-value target for many adversaries, which makes the investigation of them during Incident Response vital. Backdoor implants in the form of webshells and IIS modules on servers are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using default logging available on…
Three years ago I wrote a document titled “Removing Exchange’s ability to impact Tier 0 and Tier 1” that was distributed internally at Microsoft as well as to dozens of Microsoft customers as part of Cybersecurity services delivered through Microsoft Consulting Services (MCS). I had always intended to get this document published publicly, but for…
Microsoft Exchange Servers are a high value target, making investigation of them during Incident Response vital, but where do you start? What should you look for? Backdoor implants in the form of webshells hiding in OWA are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using…
Exchange 2016 has been officially released! Read the official announcement here: http://aka.ms/msexchange2016 More to come soon.
Josh Bryant: Cybersecurity Product Leader and internationally recognized Speaker at several Information Security conferences and events with over 26 years of experience as a proven leader in Cybersecurity, Product Management, Threat Hunting, Incident Response, IT Management, IT Architecture, IT Operations,…
This week I was helping a customer figure out why their Windows 8.1 with Outlook 2013 clients couldn’t connect to Exchange 2010 over Outlook Anywhere with Smartcard Authentication, but their Windows 7 with Outlook 2010 clients could. After a couple days of looking at network traces on firewalls, Process Explorer, and Process Monitor on several…
Exchange 2013 CU8, Exchange 2010 SP3 RU9, and Exchange 2007 SP3 RU16 have all been released!
Exchange 2013 CU7, Exchange 2010 SP3 RU8, Exchange 2007 SP3 RU15, and UM Language Packs for CU7 were all released yesterday. These include important security fixes for vulnerabilities outlined in MS14-075. There have been reports of RU8 breaking Outlook connectivity. Because of this, RU8 is being recalled, so expect an RU8v2. For more information, see the…
Due to traveling and the holidays, I'm a little late on getting this out there… Exchange 2010 SP3 RU7 and Exchange 2013 CU6 were both released last week (August 26th, 2014). Exchange 2010 SP3 RU7 has a handful of bug fixes, and so far is rather uninteresting and uneventful. Exchange 2013 CU6, on the other hand, has had…
Exchange 2010 SP3 RU6 and Exchange 2013 CU5 were released today! RU6 only contains bug fixes. CU5 includes OAB improvements in addition to bug fixes.
If you haven't noticed already, Exchange 2013 SP1, Exchange 2010 SP3 RU5, and Exchange 2007 SP3 RU13 were all released last week (Feb 25th). I'm a little behind due to traveling for work. I am particularly excited about the new DLP features in Exchange 2013 SP1. A colleague and I personally lobbied the Exchange Product…