17 matches found
Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identifi...
Mitigating NTLM Relay Attacks by Default
Introduction In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication EPA by default for new and existing installs of Exchange 2019. While we’re currently unaware of any activ...
CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability
...
Security Update For Exchange Server 2019 CU13 (KB5029388)
The security update addresses the vulnerabilities descripted in the CVEs...
Security Update For Exchange Server 2019 CU6 (KB5000871)
The security update addresses four remote code execution vulnerabilities for Microsoft Exchange Server...
Security Update For Exchange Server 2013 CU23 (KB5004778)
The security update addresses the vulnerabilities descripted in the CVEs...
Security Update For Exchange Server 2016 CU11 (KB4487563)
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access OWA fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive...
Update Rollup 28 for Exchange Server 2010 Service Pack 3 (KB4503028)
This update for Microsoft Exchange Server provides enhanced security as a defense in depth measure...
Security Update For Exchange Server 2019 CU8 (KB5000871)
The security update addresses seven remote code execution vulnerabilities for Microsoft Exchange Server...
Security Update For Exchange Server 2019 CU12 (KB5026261)
The security update addresses the vulnerabilities descripted in the CVEs...
Security Update For Exchange Server 2013 SP1 (KB4018588)
A security issue has been identified that could allow an attacker to run programs and access data on a computer running Microsoft Exchange Server 2013. You can help protect your computer by installing this update from Microsoft...
Security Update For Exchange Server 2013 CU20 (KB4092041)
This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access OWA. The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email message that has a specially crafted attachment to a vulnerable server that is...
Security Update For Exchange Server 2013 CU2 (KB2880833)
The security update addresses the vulnerabilities by updating the affected Oracle Outside In libraries to a non-vulnerable version, and the vulnerabilities that Exchange Server could allow remote code execution...
Security Update For Exchange Server 2016 CU22 (KB5019758)
The security update addresses the vulnerabilities descripted in the CVEs...
Detectoid: Exchange Server 2019 CU9
Detectoid: Exchange Server 2019 CU9...
Security Update For Exchange Server 2013 CU1 (KB2874216)
The security update addresses the vulnerabilities by updating the affected Oracle Outside In libraries to a non-vulnerable version...
Security Update For Exchange Server 2019 CU6 (KB4581424)
A Microsoft Exchange information disclosure exists in how tokens are validated when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user...