Microsoft to retire the OWA Light client in Exchange Server
Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the lightweight version of the Outlook Web App email client, in a future Exchange Server update. [...]
Stay updated on Exchange Server security with the latest news, updates, and expert insights into protecting your email communications effectively.
Search across headline titles and summaries.
Background for this topic.
Exchange Server is a Microsoft server platform for organizational email, calendars, contacts, and mailbox storage. It may run within an organization or as part of a hybrid environment, and commonly exposes web, mail-transfer, and administration interfaces. Because it stores business communications and can mediate access to accounts, it is a high-value system for security teams.
Security concerns include exploitation of vulnerabilities in internet-facing services, theft or misuse of privileged accounts, and unauthorized mailbox access through weak authentication or compromised credentials. Protection requires prompt, tested security updates; minimizing and monitoring external exposure; strong authentication for administrators and remote access; and careful separation of administrative privileges. Logs from web access, authentication, mailbox activity, and mail flow support detection and investigation. Organizations should also maintain tested backups and recovery procedures, while applying retention, access-control, and privacy requirements to stored messages and attachments.
Weekly headline count for the current query.
Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the lightweight version of the Outlook Web App email client, in a future Exchange Server update. [...]
Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May […]
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild
Just migrate already, would you? But if you can't, Redmond will take your cash Microsoft will keep delivering security updates for old versions of Exchange Server and Skype for Business Server, after admitting that some customers aren't ready to make the move to newer products.…
CISA and NSA have released a blueprint to enhance Microsoft Exchange Server security against cyber-attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation
US Cyber Defense Agency Releases Best Practices to Harden Exchange EnvironmentsU.S. cyber defense officials and their international partners issued a new blueprint for mitigating Microsoft Exchange vulnerabilities on Thursday as governments worldwide continue to grapple with persistent intrusion campaigns targeting on-premises Microsoft Exchange servers in hybrid environments.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. [...]
Cybersecurity agency urges organizations to upgrade or risk total network compromise Germany's infosec office (BSI) is sounding the alarm after finding that 92 percent of the nation's Exchange boxes are still running out-of-support software, a fortnight after Microsoft axed versions 2016 and 2019.…
Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online. [...]
Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control of entire domains in hybrid cloud environments
Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise. [...]
No reported in-the-wild exploits…yet Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange to the cloud.…
Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions
Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environments without leaving any traces. [...]
It looks like enough of you are struggling to migrate that Redmond is willing to help out – for a price that might buy nothing Microsoft has extended its security update programs for Exchange Server 2016 and 2019, and Skype for Business 2015 and 2019.…
Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China