by edward | Nov 12, 2023 | Exchange 2016, Exchange 2019
In the August 2023 Security Update (SU) for Exchange Server 2016 and Exchange Server 2019, there was a workaround that had to be put in place to remove the Token Cache Module in IIS to mitigate a vulnerability. Microsoft provided the script and you could apply it to...
by edward | Nov 10, 2023 | Exchange 2016
Sometimes the event logs on Exchange servers throw up errors or warnings that do not appear again. Event ID 4002 for MSExchange Availability is a broad error/warning/informational alert. Looking at the error below, a Proxy request failed with an HTTP status code...
by edward | Nov 8, 2023 | Exchange 2016
As everything relies heavily on DNS and the ability to resolve names to IPs, etc., if your upstream DNS is not working, or something on the firewall or internally is not working, things do not always function as they should and you are presented with false positives. A...
by edward | Nov 7, 2023 | Exchange 2016
On one of my lab machines I was sifting through the log files and came across Event ID 12000 as shown below. As this lab machine does not have internet access at all, the error was a bit strange and no other alerts were raised. Nothing out of the ordinary was done...
by edward | Nov 7, 2023 | Exchange 2019, NMAP, NMAP Scripting Engine
In my blog post yesterday, I showcased that a bad actor can get the Exchange Server version, with CU/SU, that you are running and, based on that information, start attacking your server if it is not patched. In the October 2023 Security Update for Exchange, KB5030877 for both...