Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Microsoft Patches PrivExchange Vulnerability in February Quarterly Updates

Microsoft_exchange

Microsoft patched the PrivExchange privilege escalation vulnerability which affected Microsoft Exchange Server 2010 and newer installations where Exchange Web Services (EWS) and Push Notifications were enabled.

ThePrivExchangepatch was released as part of Microsoft'sFebruary 2019 Quarterly Exchange Updates which containquarterly servicing updates, as well as cumulative and update rollups for supported versions of Exchange Server.

According to Microsoft:

The update to EWS Push Notifications is considered a critical security update and customers should deploy the update as soon as they understand and accept any potential impact. The change in Push Notification authentication is a permanent change to the product and necessary to protect the security of an Exchange Server.

Microsoft advises all Exchangecustomers to reset their servers' credentials from Active Directory after applying the update rollup or the cumulative update.Todo this, customers can use "the ...(continued)

View All Trending Stories