Microsoft to retire the OWA Light client in Exchange Server
Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the lightweight version of the Outlook Web App email client, in a future Exchange Server update. [...]
Stay updated on Exchange Server security with the latest news, updates, and expert insights into protecting your email communications effectively.
Search across headline titles and summaries.
Background for this topic.
Exchange Server is a Microsoft server platform for organizational email, calendars, contacts, and mailbox storage. It may run within an organization or as part of a hybrid environment, and commonly exposes web, mail-transfer, and administration interfaces. Because it stores business communications and can mediate access to accounts, it is a high-value system for security teams.
Security concerns include exploitation of vulnerabilities in internet-facing services, theft or misuse of privileged accounts, and unauthorized mailbox access through weak authentication or compromised credentials. Protection requires prompt, tested security updates; minimizing and monitoring external exposure; strong authentication for administrators and remote access; and careful separation of administrative privileges. Logs from web access, authentication, mailbox activity, and mail flow support detection and investigation. Organizations should also maintain tested backups and recovery procedures, while applying retention, access-control, and privacy requirements to stored messages and attachments.
Weekly headline count for the current query.
Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the lightweight version of the Outlook Web App email client, in a future Exchange Server update. [...]
Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...]
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. [...]
Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online. [...]
Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise. [...]
Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environments without leaving any traces. [...]
Microsoft has announced that the Exchange Server Subscription Edition (SE) is now available to all customers of its enterprise email service. [...]
A 36-year-old Yemeni national, who is believed to be the developer and primary operator of 'Black Kingdom' ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers. [...]
Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. [...]
Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...]
Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. [...]
The United Kingdom's Information Commissioner's Office (ICO) revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. [...]
Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. [...]
The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. [...]
Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. [...]
Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. [...]
Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14). [...]
Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. [...]
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. [...]