Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 CVSS score: 9.8, the issue has been...

Fat Patch Tuesday, February 2024 Edition

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412, a...

Cumulative Update 14 for Exchange Server 2019 (KB5035606)

Cumulative Update 14 for Exchange Server 2019 KB5035606 Important: This regularly scheduled cumulative update contains all the security fixes of the security updates in February and previous security updates. Cumulative Update 14 for Microsoft Exchange Server 2019 was released on February 13, 202...

Description of the security update for Microsoft Exchange Server 2019 and 2016: November 14, 2023 (KB5032146)

Description of the security update for Microsoft Exchange Server 2019 and 2016: November 14, 2023 KB5032146 Notice For Microsoft Exchange Server 2016 installations, see also KB 5032147 for additional information about issues that are fixed in this security update. This security update rollup...

Description of the security update for Microsoft Exchange Server 2016: November 14, 2023 (KB5032147)

Description of the security update for Microsoft Exchange Server 2016: November 14, 2023 KB5032147 Notice See also KB 5032146 for additional information about issues that are fixed in this security update. This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn...

Description of the security update for Microsoft Exchange Server 2019 and 2016: October 10, 2023 (KB5030877)

Description of the security update for Microsoft Exchange Server 2019 and 2016: October 10, 2023 KB5030877 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE:...

Description of version 2 of the security update for Microsoft Exchange Server 2019 and 2016: August 15, 2023 (KB5030524)

Description of version 2 of the security update for Microsoft Exchange Server 2019 and 2016: August 15, 2023 KB5030524 Notice We have re-released the Exchange Server 2019 and 2016 August 8, 2023, security update SU to address the localization issue that caused installations on non-English operati...

Description of the security update for Microsoft Exchange Server 2019 and 2016: August 8, 2023 (KB5029388)

Description of the security update for Microsoft Exchange Server 2019 and 2016: August 8, 2023 KB5029388 Notice We have re-released the Exchange Server 2019 and 2016 August 8, 2023, security update SU to address the localization issue that caused installations on non-English operating systems OS ...

Description of the security update for Microsoft Exchange Server 2016: June 13, 2023 (KB5025903)

Description of the security update for Microsoft Exchange Server 2016: June 13, 2023 KB5025903 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE: CVE-2023-28310 -...

Description of the security update for Microsoft Exchange Server 2019: June 13, 2023 (KB5026261)

Description of the security update for Microsoft Exchange Server 2019: June 13, 2023 KB5026261 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE: CVE-2023-28310 -...

Microsoft Urges Customers to Secure On-Premises Exchange Servers

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange...

Description of the security update for Microsoft Exchange Server 2019: January 10, 2023 (KB5022193)

Description of the security update for Microsoft Exchange Server 2019: January 10, 2023 KB5022193 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE CVE-2023-21745...

Description of the security update for Microsoft Exchange Server 2013: January 10, 2023 (KB5022188)

Description of the security update for Microsoft Exchange Server 2013: January 10, 2023 KB5022188 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE: CVE-2023-2176...

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 8, 2022 (KB5019758)

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 8, 2022 KB5019758 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CV...

Description of the security update for Microsoft Exchange Server 2019 and 2016: August 9, 2022 (KB5015322)

Description of the security update for Microsoft Exchange Server 2019 and 2016: August 9, 2022 KB5015322 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE:...

Security update 2022-08-09

...

Description of the security update for Microsoft Exchange Server 2019 and 2016: October 11, 2022 (KB5019077)

Description of the security update for Microsoft Exchange Server 2019 and 2016: October 11, 2022 KB5019077 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE:...

Description of the security update for Microsoft Exchange Server 2013: August 9, 2022 (KB5015321)

Description of the security update for Microsoft Exchange Server 2013: August 9, 2022 KB5015321 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE: CVE-2022-21979 ...

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...