Exchange

All things Exchange

2

Out of Band Critical Exchange Security Updates–March 2021

Posted on by Rhoderick Milne [MSFT]

Security updates were released today for Exchange 2010, 2013, 2016 and 2019.  Attacks were detected which leveraged these vulnerabilities, so an out of band set of updates was released

This a remote code execution on TCP 443 and is already being exploited as a 0-Day attacks against on-premises Exchange servers.

Microsoft strongly recommends installing this update immediately.  Internet facing serverRead the rest “Out of Band Critical Exchange Security Updates–March 2021”

2

Exchange 2019 CU8 Released

Posted on by Rhoderick Milne [MSFT]
Volume Licensing Download Site

Exchange 2019 CU8 has been released to the Microsoft Volume Licensing Center!  Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to update a previously installed one. Exchange… Read the rest “Exchange 2019 CU8 Released”

2

Exchange 2016 CU19 Released

Posted on by Rhoderick Milne [MSFT]

Exchange 2016 CU19 has been released to the Microsoft download centre!  Exchange 2016 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2016 and can be used to install a fresh server or to update a previously installed one. Exchange 2013 h… Read the rest “Exchange 2016 CU19 Released”

1

Exchange 2010 SP3 RU31 Released

Posted on by Rhoderick Milne [MSFT]

Today is patch Tuesday for December 2020  and contains a security advisory bulletin for Exchange 2010.  Due to the way that Exchange 2010 is serviced, security updates are released as a new update rollup (RU).

You can visit the Microsoft Security  Response Center to read the details about this and the other released security updates.

Download Exchange 2010 SP3 RU31

This is build 14.03.0509.000 of Exchange 2010, and KB 4593467 has the… Read the rest “Exchange 2010 SP3 RU31 Released”

0

Exchange December 2020 Security Updates

Posted on by Rhoderick Milne [MSFT]

Please be aware that Exchange 2013, Exchange 2016  and Exchange 2019 security updates were released as part of the December 2020 patch Tuesday release.  The overall rating is critical, and the update resolves multiple issues.

Details for these, and previously released updates can be found in the Security Update Guide.  Also note that Exchange 2010 SP3 RU31 was also released.

 

image

 

For all of th… Read the rest “Exchange December 2020 Security Updates”

1

Exchange 2013 OnPremisesSmtpClientSubmission – Unhealthy After Disabling TLS 1.0 and TLS 1.1

Posted on by Rhoderick Milne [MSFT]

After going through the steps to disable TLS 1.0 and TLS 1.1, it was noted that Managed Availability was not happy with one particular component in Exchange 2013.  This was the OnPremisesSmtpClientSubmission probe and the monitor which was associated to it.  The below is a reproduction of the customer environment.

For reference, you can review Protocols in TLS/SSL (Schannel SSP) for a listing of wh… Read the rest “Exchange 2013 OnPremisesSmtpClientSubmission – Unhealthy After Disabling TLS 1.0 and TLS 1.1”

0

Exchange Managed Availability Broken With TLS 1.2 Changes

Posted on by Rhoderick Milne [MSFT]

In most enterprise customers there is a segregation of duties between multiple teams.  This could be networking and desktop.  Or Windows Server platform and messaging.  It was the split in these roles, and especially a dearth of communication which led to this tale of woe with TLS 1.2 and Exchange.

The reasons for moving to TLS 1.2 and avoiding SSL2, SSL3, TLS 1.0 and TLS 1.1 should be well underst… Read the rest “Exchange Managed Availability Broken With TLS 1.2 Changes”

2

Exchange Managed Availability Error – OutlookRpcSelfTestProbe

Posted on by Rhoderick Milne [MSFT]

This case illustrates the "fun" with Managed Availability a particular customer had after making changes to their servers.  The servers were built back in 2014, and as such the default self signed certificates had expired and were previously replaced.  This is because the Exchange self signed certificates have a 5 year validity period.

It was noted that Managed Availability was not healthy in all r… Read the rest “Exchange Managed Availability Error – OutlookRpcSelfTestProbe”

1

Unable To Add Server to DAG Enabled Computer Object With The Given Name Already Exists

Posted on by Rhoderick Milne [MSFT]
Unable To Add Server to DAG Enabled Computer Object With The Given Name Already Exists

As we saw previously, Windows Server 2012 introduced some changes with regards to creating a Database Availability Group (DAG).  For example, you may have encountered this issue Add-DatabaseAvailabilityGroupServer – You Must Provide A Value For This Property.

The issue below is another example where the pre-work to create the underlying DAG computer network object (CNO) was not done fully.

Starting

Read the rest “Unable To Add Server to DAG Enabled Computer Object With The Given Name Already Exists”
3

A Tale of Two Certificates–SHA1 Certificate Created During Exchange 2016 Installation

Posted on by Rhoderick Milne [MSFT]

The security space is constantly evolving, and while a lot of the recent work has been on moving to TLS 1.2, a previous focus in the industry was to stop issuing SHA1 certificates and transition to SHA2 based certificates.  As a result, many will run security scans to review the presence of installed certificates and their properties.  In one such engagement, the security team noted their displeas… Read the rest “A Tale of Two Certificates–SHA1 Certificate Created During Exchange 2016 Installation”