250 Hello - Security

0

Exchange Managed Availability Broken With TLS 1.2 Changes

Posted on 3rd December 2020 by Rhoderick Milne [MSFT]

In most enterprise customers there is a segregation of duties between multiple teams. This could be networking and desktop. Or Windows Server platform and messaging. It was the split in these roles, and especially a dearth of communication which led to this tale of woe with TLS 1.2 and Exchange.

The reasons for moving to TLS 1.2 and avoiding SSL2, SSL3, TLS 1.0 and TLS 1.1 should be well underst… Read the rest “Exchange Managed Availability Broken With TLS 1.2 Changes”

0

Critical Schannel Vulnerability – MS14-066

Posted on 13th November 2014 by Rhoderick Milne [MSFT]

In the November 2014 security bulletin there were 14 updates released. The updates resolved security issues in IE, OLE and Schannel. It is the latter that is worth calling out for attention since this is the basis of the Microsoft implementation of SSL. Exchange makes heavy use of SSL, and is typically connected to the Internet.

You can read about the other security details in the security bullet… Read the rest “Critical Schannel Vulnerability – MS14-066”

0

Important Upcoming Certificate Changes

Posted on 3rd September 2012 by Rhoderick Milne [MSFT]

Please be aware that there is a pending change for the minimum key length for certificates with RSA keys. The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

The update is available on the Download Center as well as… Read the rest “Important Upcoming Certificate Changes”