News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Plus member bonus – Exchange security issue

    Home Forums AskWoody blog Plus member bonus – Exchange security issue

    • This topic has 9 replies, 3 voices, and was last updated 1 month ago.
    Viewing 3 reply threads
    • Author
      Posts
      • #2348413
        Susan Bradley
        Manager

        For those of you that are small businesses, I have uploaded to the Master Patch list page some special links, resources and a  Plus member only video
        [See the full post at: Plus member bonus – Exchange security issue]

        Susan Bradley Patch Lady

      • #2348557
        anonymous
        Guest

        With a problem as large as this you restrict this vital information to the Pro members area ONLY?

        • #2348604
          Susan Bradley
          Manager

          It relates to business mail users not home or consumer users.  Since it doesn’t apply to most of the membership, it’s a bonus to the Plus members that are business owners/consultants.

          Susan Bradley Patch Lady

      • #2349045
        JohnFDoe
        AskWoody Plus

        MAJOR Problem: The patch list apparently tells businesses to install the infected Exchange patches!

        Those should be updated to be marked “DO NOT INSTALL, INFECTED!!”

        Those kinds of patch rejections is why most of us pay for access to the patch lists (and also why we generally defer Microsoft updates for longer than officially recommended).

        Also, the fact that someone was able to infiltrate the update system itself at Microsoft raises major questions as to the level of trust that should be placed in Microsoft updates.

        • #2349055
          JohnFDoe
          AskWoody Plus

          Update: Some news media reported that it was the Exchange patches themselves that had been compromised, not that the exchange servers were getting attacked with 0-days.

          • #2350145
            Susan Bradley
            Manager

            No, what they were referring to was that during the patch testing process they share “indicators of compromise” and information with antivirus vendors and other patch testers. It’s possible that one of THEM had been hacked and thus the information got leaked out because someone hacked their inbox/credentials.

            Susan Bradley Patch Lady

        • #2349294
          Paul T
          AskWoody MVP

          Where have you seen evidence that the patches were infected?
          Speculation isn’t enough for such an important issue.

          cheers, Paul

        • #2350147
          Susan Bradley
          Manager

          With my deepest respect but these Exchange updates were not infected.  No Microsoft updates systems were infiltrated.  I would recommend that you review this article:  https://www.wsj.com/articles/microsoft-probing-whether-leak-played-role-in-suspected-chinese-hack-11615575793?mod=djemalertNEWS

          Susan Bradley Patch Lady

      • #2350144
        Susan Bradley
        Manager
    Viewing 3 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: Plus member bonus – Exchange security issue

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.