0

Remediate Exchange Security CVE-2022-21978

Remediate Exchange CVE-2022-21978

The May 2022 security update for Exchange Server 2013, 2016 and 2019 resolved CVE-2022-21978.  A common issue is that admins are only doing part of the work to address this CVE.  Yes they are installing the update, but are not reading the rest of the documentation which states that an additional command must be run.

The FAQ states:

Do I need to take further steps to be protected from this vulnerabilRead the rest “Remediate Exchange Security CVE-2022-21978”

5

Implementing Exchange DownloadDomain Security

Implement Exchange DownloadDomain

In the field, I’m seeing multiple customers that are struggling to implement the DownloadDomain feature. It does require a little prep work and it is not as simple as just running a single command in Exchange to flip the setting on.

In order to mitigate and issue with OWA, it is necessary to create an additional CAS namespace that will be used for downloading attachments from OWA.  This will requir… Read the rest “Implementing Exchange DownloadDomain Security”

2

Exchange 2019 Point of No Return

Exchange 2019 PrepareAD - The Point of No Return

When designing an upgrade strategy from an older version of Exchange to a newer one, a question that needs to be addressed is do we need to introduce a version of Exchange that may not currently be present?  This may be when upgrading from Exchange 2013 to Exchange 2019.  If that organisation currently does not have any Exchange 2016 servers, you need to evaluate if there may be a future requireme… Read the rest “Exchange 2019 Point of No Return”

4

Exchange 2019 CU12 Released

Exchange 2019 CU12 Released

Exchange 2019 CU12 has been released to the Microsoft Volume Licensing Center and the public Microsoft Download site!  Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to upd… Read the rest “Exchange 2019 CU12 Released”

0

Exchange 2016 CU23 Released

Exchange 2016 CU23 Released

Exchange 2016 CU23 has been released to the Microsoft download centre!  Exchange 2016 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2016 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 h… Read the rest “Exchange 2016 CU23 Released”

0

Microsoft Teams Voicemail Headers–April 2022

Voice Mail

Working with a customer’s security team, it was noted that some messages were set to SCL –1 and this was not initially expected.  We were paying particular attention to the SCL value as work was being done to clean up old EOP configuration that was bypassing protection.

  • Two examples are shown below
    EXO mailbox to demonstrate simple delivery, this is the Kim Akers mailbox
  • Exchange 2016 on-premises mai
Read the rest “Microsoft Teams Voicemail Headers–April 2022”
0

Exchange Autodiscover Publishing Blocked By L7 Load Balancer

Unexpected Autodiscover URL

When deploying an Exchange Hybrid configuration, one of the most critical components to publish externally is the Autodiscover service. Autodiscover enables seamless client connectivity and hybrid functionality between on-premises Exchange and Exchange Online, including mailbox moves, free/busy lookups, and Outlook profile configuration. However, publishing Autodiscover to the Internet can become … Read the rest “Exchange Autodiscover Publishing Blocked By L7 Load Balancer”

0

ASA OOPS – What Happens When It Is Overlooked

When deploying or migrating Microsoft Exchange Server, one critical yet often overlooked component is the Alternate Service Account (ASA). The ASA is used by Exchange to support Kerberos authentication for services such as Outlook Anywhere and MAPI over HTTP, providing a secure and efficient alternative to NTLM. Without a properly configured ASA, Exchange falls back to NTLM.  NTLM is an older prot… Read the rest “ASA OOPS – What Happens When It Is Overlooked”

0

The Way Things Were–EOP IP Ranges October 2018

EOP IP Ranges From 2018

When discussing network configuration for Office 365, there will be a series of issues and challenges that need to be addressed.  Ideally this is all done in a proactive manner, with the final items addressed in the POC phase.

One of the cornerstone issues is around how access to and from Office 365 will be managed.  This has to address end user access from workstations and publishing your on-premi… Read the rest “The Way Things Were–EOP IP Ranges October 2018”

1

Office 365 Autodiscover Lookup Process–Revisited

Previously we looked at the Office 2010 client and how it used Autodiscover to detect Exchange Online (EXO) mailbox settings.  Outlook 2010 is no longer supported, so it is worth updating these notes for a current build of Outlook.

As with the previous post, this is intended as a point in time reference as I personally find it handy as an ongoing reference.  In the updated example below a fully patc… Read the rest “Office 365 Autodiscover Lookup Process–Revisited”