tldrdailynews.com logo
Tag

Exchange Server

All articles tagged with #exchange server

Exchange zero-day exploited in XSS attacks prompts rapid mitigations ahead of patches
security11 days ago

Exchange zero-day exploited in XSS attacks prompts rapid mitigations ahead of patches

Microsoft warns of a spoofing vulnerability in Exchange Server (CVE-2026-42897) that attackers can exploit via cross-site scripting to run arbitrary JavaScript in Outlook on the Web; patches aren’t yet available, but the Exchange Emergency Mitigation Service (EEMS) can automatically shield on-premises servers, with guidance to enable it now and an option to use the Exchange On-Premises Mitigation Tool (EOMT) for air-gapped networks. Mitigations may disrupt OWA features (calendar printing, inline images) and some OWA modes, and patches are planned for SE RTM and specific CU releases, though 2016/2019 updates may be limited to ESU Period 2. CISA/NSA previously highlighted widely exploited Exchange flaws and guidance to harden servers.

via BleepingComputer|
#cve-2026-42897#exchange-server#mitigations
On-Prem Exchange Exploit Targets Crafted Emails With CVE-2026-42897
technology12 days ago

On-Prem Exchange Exploit Targets Crafted Emails With CVE-2026-42897

Microsoft warns that on-premises Exchange Server is being actively exploited for CVE-2026-42897, a cross-site scripting spoofing flaw that can let an attacker run arbitrary JavaScript when a user opens a crafted email in Outlook Web Access under certain interactions; affected products are Exchange 2016, 2019, and SE (any update), while Exchange Online is not impacted. Mitigations are provided via the Exchange Emergency Mitigation Service (URL rewrite) and the on-prem EOMT tool for manual deployment; air-gapped environments can apply the per-server or all-servers script. A cosmetic issue may show 'Mitigation invalid for this exchange version' but the mitigation is still applicable. No details on who is exploiting or the scope are available; admins are advised to apply the mitigations promptly.

via The Hacker News|
#cross-site-scripting#cve-2026-42897#exchange-emergency-mitigation-service
Microsoft and CISA Warn of Critical Exchange Server Vulnerability
technology9 months ago

Microsoft and CISA Warn of Critical Exchange Server Vulnerability

Microsoft and CISA have issued warnings about a high-severity Exchange Server bug (CVE-2025-53786) that could allow attackers with administrative access to escalate privileges and potentially compromise entire domains, especially in hybrid cloud environments. Organizations are urged to apply the recommended patches and follow security guidance to mitigate the risk of exploitation, which is deemed likely to occur soon.

via theregister.com|
#cve-2025-53786#cybersecurity#exchange-server
Microsoft Discloses Critical Exchange Server Vulnerability in Hybrid Setups
security9 months ago

Microsoft Discloses Critical Exchange Server Vulnerability in Hybrid Setups

Microsoft disclosed a high-severity vulnerability in on-premise Exchange Server (CVE-2025-53786) that could allow attackers with admin access to escalate privileges in connected cloud environments, especially in hybrid setups. The flaw, which shares a service principal with Exchange Online, poses risks of undetectable privilege escalation and identity compromise if unpatched. Microsoft recommends applying the latest hotfix, reviewing security configurations, and resetting service principal keys if no longer used. CISA also warns about related malware exploiting recent SharePoint flaws and advises disconnecting outdated or end-of-life Exchange and SharePoint servers from the internet.

via The Hacker News|
#cve-2025-53786#exchange-server#hybrid-deployment
Microsoft and CISA Issue Urgent Warnings on Critical Exchange Server Vulnerability
technology9 months ago

Microsoft and CISA Issue Urgent Warnings on Critical Exchange Server Vulnerability

Microsoft has issued a warning about a high-severity vulnerability (CVE-2025-53786) in Exchange Server hybrid deployments that could allow attackers to escalate privileges and compromise both on-premises and cloud environments, with potential for total domain takeover. The vulnerability affects Exchange Server 2016, 2019, and Subscription Edition, and Microsoft recommends applying hotfixes and following security guidelines to mitigate risks. Failure to address this issue could lead to significant security breaches, especially as exploit code may be developed for malicious use.

via BleepingComputer|
#cve-2025-53786#exchange-server#hybrid-deployment
"Microsoft Exchange Server Vulnerability (CVE-2024-21410) Exploited and Patched"
technology2 years ago

"Microsoft Exchange Server Vulnerability (CVE-2024-21410) Exploited and Patched"

Microsoft has confirmed active exploitation of a critical security flaw (CVE-2024-21410) in Exchange Server, enabling privilege escalation and NTLM relay attacks. The company has released fixes as part of its Patch Tuesday updates, also addressing two other Windows flaws (CVE-2024-21351 and CVE-2024-21412) actively weaponized in real-world attacks. Additionally, a critical vulnerability (CVE-2024-21413) affecting Outlook email software has been patched, allowing for remote code execution by bypassing security measures. Threat actors, including Russian state-affiliated hacking groups, have a history of exploiting such flaws, with details about the current exploitation and threat actors unknown.

via The Hacker News|
#cve-2024-21410#cybersecurity#exchange-server
"Microsoft Exchange Server: Patched Critical Bug Under Active Exploitation"
technology2 years ago

"Microsoft Exchange Server: Patched Critical Bug Under Active Exploitation"

Microsoft has warned about a critical vulnerability in Exchange Server, tracked as CVE-2024-21410, which was exploited as a zero-day before being fixed during this month's Patch Tuesday. The flaw allows remote unauthenticated threat actors to escalate privileges in NTLM relay attacks targeting vulnerable Microsoft Exchange Server versions. Microsoft has released Exchange Server 2019 Cumulative Update 14 (CU14) to address this vulnerability and enable NTLM credentials Relay Protections to mitigate authentication relay and man-in-the-middle attacks. Admins are advised to evaluate their environments and review Microsoft's documentation before toggling EP on their Exchange servers to avoid breaking functionality.

via BleepingComputer|
#exchange-server#microsoft#ntlm-relay-attacks
"Microsoft Exchange Update: Extended Protection Enabled by Default"
technology2 years ago

"Microsoft Exchange Update: Extended Protection Enabled by Default"

Microsoft is automatically enabling Extended Protection (EP) on Exchange servers after installing the 2024 H1 Cumulative Update, aiming to strengthen Windows Server authentication functionality and mitigate authentication relay and man-in-the-middle attacks. Admins are advised to evaluate their environments and review documentation before toggling EP on their servers, with the option to use a provided PowerShell script to manage EP. Microsoft also released a decision flow graph to assist in enabling EP. This move follows the company's previous recommendations to keep Exchange servers up-to-date and ready to deploy emergency security patches.

via BleepingComputer|
#cumulative-update#exchange-server#extended-protection