  • Microsoft email zero day


    • This topic has 11 replies, 4 voices, and was last updated 5 months, 1 week ago.

    Tags: AskWoody Alert AskWoody Plus Alerts Patch Lady Posts

    Susan Bradley
    Manager
    September 30, 2022 at 11:05 am #2484177

    What is it?  Microsoft is investigating targeted attacks on their on premises Email servers.  Attackers have found a way into servers that are already
    [See the full post at: Microsoft email zero day]

    Susan Bradley Patch Lady

    • Mark
      Guest
      September 30, 2022 at 11:34 am #2484187

      I use Outlook.com and have noticed an increase in phishing mail lately.  I don’t use Outlook.com as my primary e-mail service.  The phishing e-mails are sometimes amusing. I find that they repeat the same message again and again.  Most use gmail.com.

      Mark

       

    • b
      Manager
      September 30, 2022 at 2:14 pm #2484215
      Susan Bradley wrote:

      Is this disturbing that EVERY time there is a zero day in Microsoft on premises email servers, Microsoft can conveniently scramble and get their online servers patched and meanwhile those that purchase on premises software are stuck holding the bag.

      Would it be less disturbing if Microsoft didn’t patch their own servers immediately (while asking everyone else to do so)?

      Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge

      • Susan Bradley
        Manager
        September 30, 2022 at 3:00 pm #2484231

        It’s disturbing that they can patch but yet can’t build a patch for external users.  Because clearly they are patching themselves quite quickly.

        Susan Bradley Patch Lady

        • b
          Manager
          September 30, 2022 at 3:04 pm #2484233

          Or perhaps they’ve deployed the mitigations available to everyone?

          Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge

          • Susan Bradley
            Manager
            September 30, 2022 at 4:01 pm #2484244

            Then they can be a bit more proactive and include these mitigations in the tool that they supposedly wrote to help protect for these zero days.  Currently it doesn’t help to protect servers for this issue.

            Susan Bradley Patch Lady

            2 users thanked author for this post.
            fk5353, Alex5723
    • Simon_Weel
      AskWoody Plus
      October 1, 2022 at 9:20 am #2484426
      Susan Bradley wrote:

      include these mitigations in the tool that they supposedly wrote to help protect for these zero days

      Good news. They have as of October first. For those who have installed Exchange Server Emergency Mitigation and enabled it, the fix is applied automatically. Won’t hurt to check if it actually did; see the topic Controlling automatic mitigation in your environment.

      As you say, it does make you wonder how MS patches its own Exchange servers, assuming they run Exchange for their MS 365 solutions.

      1 user thanked author for this post.
      b
      • b
        Manager
        October 1, 2022 at 10:32 am #2484446

        September 30, 2022 updates:

        Added link to Microsoft Security blog in Summary.

        Microsoft released the Exchange Server Emergency Mitigation Service (EMS) mitigation for this issue.

        Microsoft created a script for the URL Rewrite mitigation steps and modified step 6 in the Mitigations section.

        Mitigations
        …
        Option 1: For customers who have the Exchange Server Emergency Mitigation Service (EMS) enabled, Microsoft released the URL Rewrite mitigation for Exchange Server 2016 and Exchange Server 2019. The mitigation will be enabled automatically. Please see this blog post for more information on this service and how to check active mitigations.

        Option 2: Microsoft created the following script for the URL Rewrite mitigation steps. https://aka.ms/EOMTv2

        Option 3: Customers can follow the below instructions, which are currently being discussed publicly and are successful in breaking current attack chains.
        …
        Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

        Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge

      • Susan Bradley
        Manager
        October 1, 2022 at 12:21 pm #2484458

        It’s forked from the premises based Exchange.  Not quite the same code.

        Susan Bradley Patch Lady

    • Susan Bradley
      Manager
      October 1, 2022 at 12:20 pm #2484457

      Kevin Beaumont on Twitter: “Nope. Exchange 2010 isn’t vuln to ProxyLogon, ProxyShell or ProxyNotShell as the Exchange Online integration isn’t there, basically.” / Twitter

      Exchange 2010 is not vulnerable.

      Susan Bradley Patch Lady

    • oldguy
      AskWoody Lounger
      October 20, 2022 at 10:25 am #2490631

      Seems poor configuration was part of the problem.. (or is this another “incident”? This is October 4th..)

      https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/

      https://twitter.com/KiPos_info/status/1577745070941503488

      Should anyone be able to make use of this..

       

       

      • Susan Bradley
        Manager
        October 20, 2022 at 11:17 am #2490648

        Totally different issue.

        Susan Bradley Patch Lady
