Security News

Some Exchange Online users who have the RPS feature turned off by Microsoft can now have it re-enabled - at least until September when the tool is retired. Microsoft is moving all of its Exchange Online tenants from the legacy - and increasingly insecure - Remote PowerShell Protocol to the PowerShell v3 module.

Microsoft aims to make it impossible for unsupported and/or unpatched on-prem Microsoft Exchange servers to use the company's Exchange Online hosted cloud service to deliver email. Blocking potentially malicious emails from reaching Exchange Online.

New York law firm Heidell, Pittoni, Murphy and Bach has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from victims around the world. New York Attorney General Letitia James, who brought the lawsuit against the lawyers, blamed HPMB's poor data security practices for the privacy breach.

Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "Persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them.It will also be able to throttle and eventually block emails from Exchange servers that haven't been remediated before reaching Exchange Online mailboxes.

Microsoft has shared a fix for Outlook sign-in errors that iOS and Android users may encounter with mailboxes in some Exchange environments. "The error occurs in a hybrid Exchange environment, for mailboxes in on-premises Microsoft Exchange Server or Exchange Online," the company said in a support document released on Tuesday.

Microsoft is investigating an ongoing outage blocking Exchange Online customers worldwide from accessing their mailboxes or sending/receiving emails. Affected users see "550 5.4.1 Recipient address rejected: Access denied" errors when trying to send or when receiving messages, starting today at 1:11 PM UTC. "We're investigating an issue wherein users may be unable to access their Exchange Online mailboxes via any connection method. Additional details can be found within the Service Health Dashboard under EX522020," Microsoft tweeted earlier today.

After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those servers. Microsoft Exchange servers in attackers' crosshairs.

Microsoft is recommending that Exchange server users scan certain objects for viruses and other threats that until now had been excluded. Microsoft late last month urged Exchange server users to make sure their systems are up-to-date with the latest Cumulative and Security updates and hardened against cyberattacks.

Microsoft says admins should remove some previously recommended antivirus exclusions for Exchange servers to boost the servers' security. "Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues," the Exchange Team said.

A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021.