Carnivore: is a tool for assessing on-premises Microsoft servers such as ADFS, Skype, Exchange, and RDWeb. Carnivore’s functionality covers every stage an attacker would follow – from discovering relevant subdomains, to uncovering username format and username enumeration, to password spraying etc. research.nccgroup.com/202…
👍 242
📰 r/netsec
👀 u/digicat
📅 Dec 03 2020
Security Alert prompt in Outlook and mobile mail (Airwatch) after renewing Microsoft Exchange and Microsoft Exchange Server Auth Certificate

Seeking advice here; I don't know what's happening.

This started with a vulnerability report saying that some servers in this environment have self-signed certs signed with a weak hashing algorithm. That includes both Exchange servers.

Took me some time to determine that the self-signed certs the vulnerability report was talking about are the Microsoft Exchange and Microsoft Exchange Server Auth Certificate. Both were signed with SHA1.

So, I took the liberty of renewing both in Exchange Admin Center (on-prem). Another scan shows the Exchange servers do not have that vulnerability anymore.

But problems started occurring. Users started receiving prompts in Outlook on their computers and on their mobile phones (using Airwatch), saying that the cert is invalid or the cert does not match the URL.

The way this Exchange was set up is:

CompanyEX01.ad.company.com - this is the FQDN. Corporate domain is ad.company.com

Internal DNS has a zone, for [m.com

👍 2
📰 r/sysadmin
👀 u/ongcs
📅 Dec 17 2020
Carnivore: is a tool for assessing on-premises Microsoft servers such as ADFS, Skype, Exchange, and RDWeb. Carnivore’s functionality covers every stage an attacker would follow – from discovering relevant subdomains, to uncovering username format and username enumeration, to password spraying etc. research.nccgroup.com/202…
👍 23
📰 r/redteamsec
👀 u/digicat
📅 Dec 03 2020
Announcing Microsoft Exchange Server vNext!

Some REALLY exciting Exchange Server news was announced for on-premises customers at the Microsoft Ignite virtual conference today!

Microsoft will be releasing the next versions of Exchange Server, SharePoint Server, and Skype for Business Server the second half of 2021. These new on premises server versions will only be available with the purchase of a subscription license, using a similar subscription model to Microsoft 365.

https://blog.expta.com/2020/09/announcing-microsoft-exchange-server.html

👍 37
📰 r/exchangeserver
👀 u/expta
📅 Sep 22 2020
Millions of files in C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OAB\Temp

Does anyone know if it's safe to delete the files in here? I assume they are used in OAB generation but not 100% sure if they are safe to delete or should be being cleaned up automatically.

We are seeing this directory grow to 50+ GB and 6.5 million+ files on some servers. The files stretch back to 2017 (which is probably when the server was built).

We are running Exchange 2016 CU16.

Cheers for any assistance!

👍 12
📰 r/exchangeserver
👀 u/TigerNo3525
📅 Aug 07 2020
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability srcincite.io/advisories/s…
👍 2
📰 r/blueteamsec
👀 u/c0daman
📅 Sep 14 2020
Forgot2kEyXCHANGE - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys thezdi.com/blog/2020/2/24…
👍 194
📰 r/netsec
👀 u/Gallus
📅 Feb 26 2020
CrowdStrike hasn’t explained why it has NO evidence that the hackers stole tens of thousands of emails from the DNC’s Microsoft Exchange server in late May of 2016, as alleged by special counsel Robert Mueller archive.fo/8vzdJ
👍 25
📰 r/donaldtrump
👀 u/WTCMolybdenum4753
📅 Jul 09 2020
CrowdStrike hasn’t explained why it has NO evidence that the hackers stole tens of thousands of emails from the DNC’s Microsoft Exchange server in late May of 2016, as alleged by special counsel Robert Mueller archive.fo/8vzdJ
👍 15
📰 r/DrainTheSwamp
👀 u/WTCMolybdenum4753
📅 Jul 09 2020
Defending Exchange servers under attack - Microsoft Security microsoft.com/security/bl…
👍 25
📰 r/blueteamsec
👀 u/digicat
📅 Jun 28 2020
Valak targets Microsoft Exchange servers to steal enterprise data zdnet.com/article/valak-t…
👍 3
📰 r/cybersecurity
👀 u/zr0_day
📅 May 28 2020
Outlook is trying to retrieve data from the Microsoft Exchange server outlook.office365.com.

I have an office that experiences this message. When I use psping and ping outlook.office365.com:443 when they report the message happens, I can see a lot of packet loss.

This is a small business, total of 7 users with a Spectrum business class cable connection. 200/10 is the speed they pay for.

When the message happens, Outlook freezes up. It happens at random. It happens sometimes changing folders, doing a search.

I have tried every single fix including:

- Disable antivirus, no antivirus, clean install

- Power cycling the cable modem (they use Spectrum) will usually clear the problem up - sometimes for a week, sometimes for 24 hours

- Prefer IPv4 over IPv6, disabled IPv6

- Re-create profile

- Safe mode, make sure no add-ons are enabled

- Disabled hardware acceleration

- Clean install

- Brand new computer, i9 9900K, 32GB Memory, Intel Gigabit NIC, 500 GB NVMe PCIe SSD class 40

- Certified the data run to patch panel

- This ha

👍 9
📰 r/Office365
👀 u/nocturnal
📅 Dec 19 2019
Forgot2kEyXCHANGE - CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys thezdi.com/blog/2020/2/24…
👍 25
📰 r/programming
👀 u/Gallus
📅 Feb 27 2020
Company WFH, Exchange servers just got pegged. Microsoft.Store.Worker.exe looks like at least one culprit

Sent 250 workers to WFH, although half the company is already on a WFH plan. Sure enough one of my 2016 Exchange servers just got hammered and broke its CAS connections for users to get into Outlook. Load balancers were fine. Storage was good (not great, but no drive over 80%). CPU and RAM were near 100% at the time though, being taken up by several Microsoft.Exchange.Store.Worker.exes. The other box, the primary box that is, was fine.

A reboot fixed it, but this doesn't seem to be a coincidence. My boxes have been fine for months and the first day everyone connects remotely, one barfs on itself.

Any ideas? What sort of underlying things are changed when workers go from connecting to Outlook internally to externally? I feel like that's what caused this.

👍 3
📰 r/exchangeserver
👀 u/lineskicat14
📅 Mar 16 2020
CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys zerodayinitiative.com/blo…
👍 66
👀 u/RedmondSecGnome
📅 Feb 25 2020
Microsoft Extending End of Support for Exchange Server 2010 to October 13th, 2020 techcommunity.microsoft.c…
👍 43
📰 r/exchangeserver
👀 u/teh_kyle
📅 Sep 16 2019
Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw securityaffairs.co/wordpr…
👍 14
📰 r/InfoSecNews
👀 u/quellaman
📅 Mar 09 2020