Name of the base system (platform): Microsoft Office
Developers: Microsoft
Last release date: 2022/08/10
Technology: Office Applications, Mail Server
2023
FSTEC warned of a new vulnerability in Microsoft Exchange, the danger concerns more than 77 thousand servers in Russia
FSTEC's vulnerability warning service has published a warning about a dangerous vulnerability, BDU:2023-07515 (no CVE number has been assigned), in Microsoft's fairly popular Exchange mail product. It involves deserialization of untrusted data, which external attackers can use to remotely execute arbitrary code with SYSTEM privileges. According to the CVSS classification, the vulnerability level is quite low, only 7.5 out of 10, but the danger lies in how widespread the vulnerable product is.
In fact, this dangerous vulnerability is one of a group of four discovered by Piotr Bazydlo of Trend Micro's Zero Day Initiative (ZDI) division on September 9th. He collected information about them and handed it over to the manufacturer, but Microsoft representatives, although they confirmed the presence of the vulnerabilities, answered:
"We investigated this issue and concluded that it did not require immediate maintenance. We have forwarded your report to the team responsible for maintaining the product and they will consider a possible future fix for the vulnerability, taking appropriate action if necessary to ensure that customers are protected."
Representatives of the company explained their position by the fact that these vulnerabilities are not exploited by cybercriminals. In addition, according to Microsoft, BDU:2023-07515 was allegedly already fixed in the August security updates. However, according to the head of the ZDI threat department, Dustin Childs, the error was fixed only for the default configuration, and in some other configurations it can still be exploited.
"In my opinion, this means that many Exchange servers are still vulnerable. And now their administrators think they're safe, even though they may not be," he observed.
In particular, according to the vulnerability analysis service Netlas.io, the number of Microsoft Exchange servers in the world that can be attacked with BDU:2023-07515 is simply huge: almost 2 million. In Russia alone, there are more than 77.3 thousand such servers, and our country is only in 6th place, behind the United States (430 thousand vulnerable servers), Germany (382 thousand), France (137 thousand), Austria (78.7 thousand) and the Netherlands (77.5 thousand). At the same time, attackers are very fond of vulnerabilities in Exchange, since this product is installed on a large number of open addresses, is constantly connected to the Internet and is poorly administered: even known vulnerabilities are fixed only after a very long time.
Thus, there is a great need to protect against exploitation of this vulnerability. Piotr Bazydlo himself, in response to Microsoft's rhetoric, recommended limiting access to Exchange servers as the only effective mitigation strategy. FSTEC's position is close to this. Its recommendations are as follows:
- minimize user privileges;
- disable or completely delete unused user accounts;
- use firewalls to limit remote access;
- restrict access from external networks to vulnerable Microsoft Exchange servers and use virtual private networks (VPNs) to connect to them from outside.
2022
Vulnerability identified through which ransomware spreads
At the end of December 2022, information security researchers from CrowdStrike announced the discovery of a new set of ProxyNotShell exploits for attacks on Microsoft Exchange servers.
The malicious software was called OWASSRF. The investigation showed that operators of the Play ransomware are behind the attacks. The exploits allow attackers to execute arbitrary code on vulnerable servers via Outlook Web Access (OWA).
In the traditional ProxyNotShell exploit chain, the attack is carried out in two stages. First, cybercriminals exploit the CVE-2022-41040 vulnerability, which allows server-side access to arbitrary URLs. This type of vulnerability is known as server-side request forgery (SSRF). In the case of ProxyNotShell, the target server-side service is PowerShell. In the second stage, the CVE-2022-41082 flaw is used to execute arbitrary commands. The new tactic reported by CrowdStrike specialists skips the stage that exploits CVE-2022-41040.
"In each case of the hack, CrowdStrike reviewed the relevant logs and recorded no signs of using the CVE-2022-41040 for initial access. Instead, it turned out that the corresponding requests were made directly through Outlook Web Access, which indicates a previously unknown exploit method for Exchange," experts say.
It is noted that cybercriminals are probably exploiting the CVE-2022-41080 vulnerability. Microsoft assigned this vulnerability critical status: it allows remote elevation of privileges on Exchange servers. Earlier it was reported that hackers were not using this hole, but it has now turned out that this is not the case: exploits for the vulnerability are already actively used in real attacks.[1]
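The log review described above can be partly automated. The following is an added example, not code from CrowdStrike or from this article: it parses IIS W3C logs and groups, per client address, the requests that enter through an `/owa/` path while referencing the PowerShell service. The indicator itself (the string `powershell` inside an OWA request URI) and the sample log are assumptions constructed for illustration.

```python
"""Flag IIS log entries where a request entering through OWA references PowerShell."""
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in IIS W3C format (addresses are documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2022-12-01 10:00:01 198.51.100.7 GET /owa/auth/logon.aspx url=https://mail.example.test/owa/ 200
2022-12-01 10:00:05 198.51.100.7 POST /owa/user@example.test/powershell - 200
2022-12-01 10:00:09 203.0.113.9 POST /OWA/user@example.test/%50owerShell clientApplication=x 200
2022-12-01 10:01:00 192.0.2.10 POST /powershell - 200
2022-12-01 10:02:00 192.0.2.44 POST /ews/exchange.asmx - 200
2022-12-01 10:03:00 192.0.2.44 POST /owa/service.svc
"""


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def normalise(value):
    """Percent-decode (bounded, to catch double encoding) and lower-case."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()


def is_owa_powershell(entry):
    """Assumed indicator: the path starts with /owa/ and the URI mentions powershell.

    A request sent straight to /powershell is the normal remote PowerShell
    endpoint and is deliberately not matched here.
    """
    stem = normalise(entry.get("cs-uri-stem", ""))
    query = normalise(entry.get("cs-uri-query", ""))
    return stem.startswith("/owa/") and "powershell" in stem + "?" + query


def triage(text):
    """Return {client_ip: [(timestamp, method, raw_uri_stem, status), ...]}."""
    hits = defaultdict(list)
    for entry in parse_w3c(text):
        if is_owa_powershell(entry):
            hits[entry["c-ip"]].append((
                entry["date"] + " " + entry["time"],
                entry["cs-method"],
                entry["cs-uri-stem"],  # keep the raw form for the analyst
                entry["sc-status"],
            ))
    return dict(hits)


if __name__ == "__main__":
    for ip, requests in triage(SAMPLE_LOG).items():
        for timestamp, method, stem, status in requests:
            print(f"{ip}  {timestamp}  {method} {stem} -> {status}")
```

A match is a lead for review, not proof of compromise; the flagged client addresses and timestamps are the starting point for correlating with other server logs.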
Hacking of Russian organizations through a vulnerability
Since August 2022, dozens of Russian organizations have been hacked through a vulnerability in Microsoft Exchange corporate mail servers, BI.ZONE specialists reported on November 21, 2022. Read more here.
To fix critical vulnerabilities, you will need to enable Extended Protection on the server
Critical vulnerabilities in Exchange (CVE-2022-21980, CVE-2022-24477, and CVE-2022-24516) allow attackers to elevate privileges. Although the Exchange Server team did not notice any actively used exploits for these vulnerabilities, administrators are advised to install the updates as soon as possible. This became known on August 10, 2022.
Administrators will need to manually enable Extended Protection for affected servers.
According to Microsoft experts, installing updates is not enough. It is also necessary to manually enable Extended Protection (EP) so that hackers definitely cannot penetrate vulnerable servers.
Extended Protection is a feature that protects against man-in-the-middle (MITM) attacks, in which an attacker intercepts a client's credentials and uses them to access protected resources on the client's target server.
Microsoft emphasized that EP can only be enabled on certain versions of Exchange (for a complete list of prerequisites, see the Exchange documentation).
Microsoft has released a script to enable Extended Protection. However, before using the script, administrators are advised to analyze their environments and study the documentation for the script.
Security updates are available for the following versions of Exchange Server:
- Exchange Server 2013 CU23;
- Exchange Server 2016 CU22 and CU23;
- Exchange Server 2019 CU11 and CU12.
Since Microsoft experts believe that all three vulnerabilities can be exploited by attackers, administrators are advised to apply updates as soon as possible[2].
IceApple exploit infects Microsoft Exchange servers
On May 12, 2022, it became known that security researchers had discovered another post-exploitation framework, called IceApple, deployed on Microsoft Exchange servers.
IceApple is a sophisticated exploit built to pursue long-term objectives in targeted attacks. The framework was discovered at the end of 2021 by CrowdStrike's OverWatch threat hunting team and is under development. The researchers observed IceApple being deployed after an attacker gained access to networks owned by organizations in the technology, academic and government sectors.
IceApple has been deployed on instances of Microsoft Exchange Server, but it can also run in Internet Information Services (IIS) web applications, the researchers said. The framework is based on .NET and comes with 18 modules whose functions include discovering relevant computers on the network, stealing credentials, deleting files and directories, and extracting valuable data. The CrowdStrike OverWatch team assumes that China is involved in the IceApple cyber attacks.
The IceApple developer is well versed in IIS software. This is indicated by a module's use of undocumented fields that are not intended for third-party developers.
"A detailed analysis of the modules suggests that IceApple was developed by an attacker with deep knowledge of the internal operation of IIS software," CrowdStrike OverWatch experts said.
IceApple modules run in memory, which reduces the forensic trail on a compromised host. To stay stealthy, the exploit also blends into the compromised environment by creating assembly files that look like those temporarily generated by the Microsoft IIS server.
"At first glance, they seem to be expected temporary IIS files created as part of the process of converting ASPX source files to .NET to load IIS," researchers said.
The files were not randomly generated and were loaded in a manner not typical of Microsoft Exchange and IIS. The CrowdStrike Falcon cloud security solution raised an alert when a module was deployed in the .NET environment of a Microsoft OWA (Outlook on the web) client, which allowed IceApple to be detected.
Perhaps in the future, the developer will add more modules to IceApple and adapt the framework to detection technologies.
The team did not provide the exact number of victims of the exploit, but reported intrusions in several user environments and recommended installing the latest updates to all web applications to protect against possible IceApple threats.[3]
IcedID operators spread malware through compromised servers
On March 29, 2022, it became known that cybercriminals were using compromised Microsoft Exchange servers to send spam e-mail and subsequently infect computer systems with the IcedID malware.
IcedID is a backdoor that provides the ability to install other malware, including ransomware. Victims receive an encrypted ZIP file as an attachment, with a password in the email text and instructions for opening the contents of the archive. This starts the loader, which deploys IcedID on the computer.
Information security specialists from FortiGuard Labs found an email with a malicious ZIP file sent to a Ukrainian fuel company. This campaign also used compromised Microsoft Exchange servers. Malicious activity was identified in March this year; the criminals are targeting energy, medical, legal and pharmaceutical organizations.
The attack begins with a phishing email that contains a message about an important document in an attached password-protected .zip archive, with the password in the body of the email. This is usually done so that automated scanners cannot see the contents of the ZIP archive. In addition, the attackers use interception of correspondence for greater persuasiveness. Using intercepted correspondence is a social engineering method that can increase the number of successful phishing attempts.
While previous campaigns used Microsoft Office documents to install malware on victims' computers, in this campaign IcedID operators use ISO files containing a Windows LNK shortcut file and a dynamic-link library (DLL).
The LNK file is disguised as a document, but when the user double-clicks it, the file uses the operating system's Regsvr32 tool to execute a DLL that decrypts and runs IcedID. Regsvr32 is a command-line program for registering and unregistering DLLs and embedded controls. According to experts, the use of Regsvr32 helps attackers avoid detection.
Although experts do not attribute this IcedID campaign to a particular cybercrime group, a June 2021 Proofpoint report noted that the TA577 and TA551 groups prefer to use IcedID as their malware.[4]
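The ISO, LNK, Regsvr32 and DLL chain described above leaves a recognisable process-creation record. The following is an added example, not taken from the article or from the FortiGuard Labs report: it checks process-creation events for Regsvr32 loading a DLL from outside trusted directories. The Sysmon-style field names, the trusted directory list, the assumption that Windows is installed on `C:` and the sample events are all constructed for illustration.

```python
"""Flag regsvr32 launches that match the ISO -> LNK -> Regsvr32 -> DLL chain."""
import ntpath
import re

# Assumption: Windows is installed on C: and these are the trusted DLL locations.
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed process-creation events (field names follow Sysmon event ID 1).
EVENTS = [
    {"Image": r"C:\Windows\System32\regsvr32.exe",          # DLL next to an LNK on a mounted ISO
     "CommandLine": r'"C:\Windows\System32\regsvr32.exe" /s document.dll',
     "CurrentDirectory": "E:\\", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",          # routine registration
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\scrrun.dll",
     "CurrentDirectory": "C:\\Windows\\System32\\", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",          # quoted path with a space
     "CommandLine": r'regsvr32.exe -s "C:\Users\alice\AppData\Local\Temp\x y.dll"',
     "CurrentDirectory": "C:\\Users\\alice", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",          # traversal out of System32
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\..\..\Users\Public\a.dll",
     "CurrentDirectory": "C:\\", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt",
     "CurrentDirectory": "C:\\Users\\alice", "ParentImage": r"C:\Windows\explorer.exe"},
]


def target_dll(command_line):
    """Return the first argument that is not a switch (/s, -s, /i:...), unquoted."""
    tokens = re.findall(r'"[^"]*"|\S+', command_line)
    for token in tokens[1:]:  # tokens[0] is the executable itself
        token = token.strip('"')
        if token and token[0] not in "/-":
            return token
    return None


def assess(event):
    """Return the list of reasons an event is suspicious (empty if it is not)."""
    if ntpath.basename(event["Image"]).lower() != "regsvr32.exe":
        return []
    dll = target_dll(event["CommandLine"])
    if dll is None:
        return []
    # Resolve relative names against the working directory and collapse "..".
    full = ntpath.normpath(ntpath.join(event["CurrentDirectory"], dll)).lower()
    if full.startswith(TRUSTED_DIRS):
        return []
    reasons = ["DLL outside trusted directories: " + full]
    drive = ntpath.splitdrive(full)[0]
    if drive and drive != "c:":
        reasons.append("DLL on a non-system drive, as on a mounted ISO")
    if ntpath.basename(event["ParentImage"]).lower() == "explorer.exe":
        reasons.append("parent is explorer.exe, as for a double-clicked shortcut")
    return reasons


def review(events):
    """Return {event_index: reasons} for every flagged event."""
    flagged = {}
    for index, event in enumerate(events):
        reasons = assess(event)
        if reasons:
            flagged[index] = reasons
    return flagged


if __name__ == "__main__":
    for index, reasons in review(EVENTS).items():
        print(index, EVENTS[index]["CommandLine"])
        for reason in reasons:
            print("   -", reason)
```

Events that collect all three reasons match the chain most closely; a single reason, such as a DLL registered from a temporary directory by an installer, needs context before it is treated as an incident.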
2021
IKEA hit by phishing attacks through hacked Microsoft Exchange servers
At the end of November 2021, phishing attacks through hacked Microsoft Exchange servers hit IKEA. Attackers send malicious emails to the retailer's subsidiaries, as well as its partners. Read more here.
Use by Iranian groups in attacks
The cyber conflict between the USA and Iran continues to heat up. This became known on November 18, 2021. Information security agencies have warned of a growing number of attacks by Iranian groups exploiting vulnerabilities in Fortinet FortiOS (CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591) and Microsoft Exchange. Read more here.
FBI allowed to hack Microsoft Exchange servers to fix vulnerabilities
In mid-April 2021, a US court authorized the FBI to remotely intervene in hundreds of American servers to eliminate the consequences of the hacker attack on Microsoft Exchange Server.
In March 2021, Microsoft discovered hacker attacks carried out by the Hafnium group. Four vulnerabilities in Microsoft Exchange Server allowed attackers to infiltrate servers and steal sensitive data. Microsoft managed to fix the vulnerabilities, but the patches released by the company did not remove backdoors on those servers that were hacked by hackers. As a result, other hacker groups began to use vulnerable servers to inject ransomware viruses into them.
The number of infected servers decreased as patches were installed. But hundreds of Exchange servers have long remained vulnerable as these backdoors are difficult to locate and eliminate, the U.S. Department of Justice said in a statement. The situation could become critical, so the court of the city of Houston allowed the FBI to remotely connect to hundreds of American servers in order to manually remove the web shells remaining from the hackers.
"During today's operation, web shells were removed that could be used to establish constant unauthorized access to US networks," a US Department of Justice spokesman said.
He also said that during the operation, the special service removed only backdoors, but did not fix the vulnerabilities used by hackers and did not remove the remaining malware.
This is believed to be the first known case in which the FBI has effectively intervened in private servers to address the effects of cyber attacks. In 2016, the Supreme Court allowed U.S. judges to issue search and seizure warrants outside their district. At the time, critics opposed the move, fearing the FBI could apply to a friendly court to allow cyber operations anywhere in the world.[5]
Hacking 60,000 companies due to vulnerability in Microsoft Exchange Server
In March 2021, it became known about the hacking of computer systems of at least 60 thousand companies in different countries due to a vulnerability in Microsoft Exchange Server software.
According to Bloomberg, citing a former senior official in the US government, most of the victims are representatives of small and medium-sized businesses. According to the interlocutor of the news agency, hackers had already deployed a wide network of infected computers by the time Microsoft was working to eliminate the consequences of the attack.
Microsoft announced a cyber attack on Exchange Server in early March 2021. It accused the hacker group Hafnium of the attack, behind which, according to Microsoft, the Chinese authorities stand. At that time the American corporation refrained from disclosing the details of the incident and only noted that the attackers were trying to get information from researchers of infectious diseases, law firms, universities, non-governmental institutions, analytical centers and a number of other organizations.
The company clarified that hackers gained access to the server using stolen passwords or software vulnerabilities that were not previously known.
On March 2, 2021, Microsoft released an emergency update for Exchange Server that should fix the vulnerability. However, by March 5, only 10% of compromised organizations had installed it, and, according to Reuters, the hacks continued.
A spokesman for the US authorities told Bloomberg on March 7, 2021 that measures are being taken at all levels of the US government to "assess and eliminate the consequences" of hackers' actions.
"The threat remains and is developing, and we urge Internet network operators to take it seriously," the publication quotes the words of an unnamed White House representative.[6]
2019: Fix vulnerabilities in Exchange Server 2019, 2016 and 2013
On January 11, 2019, Microsoft announced that it had fixed two vulnerabilities in Microsoft Exchange Server 2019, 2016 and 2013 that allow you to remotely execute code and disclose information.
According to the company's notification, the remote code execution security vulnerability (CVE-2019-0586) exists due to incorrect handling of objects in memory by Exchange Server. Successful exploitation allows an attacker to run code in the context of the System user and, as a result, install software, view, modify and delete data, and create accounts.
To exploit the vulnerability, an attacker must send a specially crafted email to the vulnerable server. The manufacturer fixed the problem by changing how objects in memory are handled.
The information disclosure vulnerability (CVE-2019-0588) is due to the fact that the server's PowerShell API grants the calendar more permissions than required. To exploit it, an attacker must be granted access to the calendar by an administrator through PowerShell. In this case, the attacker will see information about the calendar that under normal conditions should be hidden.
Security updates that fix both vulnerabilities are marked "important" by the manufacturer. They can be installed automatically through Windows Update or downloaded manually from the Microsoft website.[7]
2015
Microsoft Exchange Server 2016
On October 28, 2015, Microsoft announced the availability of Microsoft Exchange Server 2016 for download[8].
Supported operating systems: Windows 8.1; Windows Server 2012; Windows Server 2012 R2.
Exchange integrates with Outlook, SharePoint, and OneDrive for Business to provide collaboration opportunities, including sharing, editing, and receiving documents without having to leave Outlook. Outlook 2016 and Outlook Web inbox folders have built-in link and video previews and can focus on priorities. Enhanced search capabilities and performance.
Data Loss Prevention (DLP) functionality has been expanded. eDiscovery has been accelerated and enhanced to help organizations meet all legal requirements. Exchange 2016 provides a messaging platform for the future, with built-in hybrid capabilities and cloud migration options for on-premises customers.
Some features
- Improved collaboration: Exchange Server 2016 includes a new approach to attachments that simplifies document sharing and eliminates the headache of managing different versions. In Outlook 2016 or the web version of Outlook, you can now attach a document as a link to SharePoint 2016 (while in preview mode) or OneDrive for Business instead of the traditional attachment, providing the benefits of collaboration and version control.
- Improved experience with the web version of Outlook: new features include switching, attaching, canceling, quick response, improved HTML rendering, new themes, emojis and more.
- Search: The current search architecture provides lightning-fast performance and more accurate and complete results. Outlook 2016 is optimized to take full advantage of Exchange Server 2016 to help you find your document much faster, whether it's old mail or new.
- Extensibility: an advanced add-in model for the desktop version of Outlook and the web version of Outlook allows developers to create new features in Outlook. Add-ins can now be integrated with user interface components.
Stable version of Exchange Server 2016
On October 1, 2015, Microsoft announced the release of Exchange Server 2016[9].
Despite trying to get rid of email as the preferred means of business communications, for many users, the mailbox remains an integral part of the working day. According to Microsoft, there is room for improvement by integrating some of the collaboration features available in Office.
The search has been redesigned to give "more accurate and complete results," the corporation said in a statement: "Outlook 2016 is optimized to leverage the server power of Exchange 2016 to help you find what you need faster in old and new messages. In addition, the search has become more intelligent thanks to the proposed search options, variants of people's names, refinement of search criteria and the ability to search for events in the calendar. "
Exchange Server 2016 (2015) View
Designed for mobile devices, the browser-based Outlook component has received new and slightly improved features. Users who access their mailboxes over the Internet can now pin items, undo actions and include emoticons in messages. As for the visual presentation, the web application supports line-by-line mailbox browsing and new themes. The HTML rendering engine has been improved.
Screenshot of the program window (2015)
Projects involving intensive electronic data discovery should benefit from a faster and more reliable communication channel. The new asynchronous and distributed search architecture provides increased fault tolerance through load balancing across multiple servers.
In addition to a more modern user interface and toolkit, this email server has improved administration and management.
According to Exchange developers, the Exchange 2016 architecture reflects the way Exchange is deployed in Office 365, and is an evolution and improvement of Exchange 2013. The combined Mailbox and Client Access server role makes it easier to plan and scale the system when deployed on-premises and in a hybrid configuration. Coexistence with Exchange 2013 and namespace planning are simpler.
The probability of failures has been reduced. The ability to automatically repair the database, including detecting discrepancies between different databases, along with increased stability and performance, has created a more reliable software basis for the organization's email system, Microsoft claims.
The system is available for download from the Microsoft Download Center. Customers can test a full-featured product for 180 days.
Exchange Server 2016 Preview
On July 27, 2015, Microsoft announced the availability of a preliminary version of Exchange Server 2016. It is available to anyone who wants to familiarize themselves with it and test it. The product is scheduled for release in the second half of 2015[10].
Exchange Server 2016 is designed to work on-premises. However, it uses cloud technologies.
Exchange Server 2016, 2015 Architecture Core Block
Microsoft management described Exchange Server 2016 as the result of the evolutionary rather than revolutionary development of Exchange Server 2013 functionality, while arguing that Exchange Server 2016 had a number of improvements. According to the company, the changes affected the Outlook Web App web client - starting with this version it is called Outlook on the Web. Add-ons include Sweep, Pin, Undo, Inline reply and others. Improved rendering performance, the user interface is more convenient and intelligent than Exchange Server 2013.
Users often expressed dissatisfaction when they received different results when searching through Outlook and Outlook Web App. In the new version of Exchange, this problem is resolved, and both clients show the same results. Exchange and Outlook use an advanced search engine architecture.
Data Loss Prevention (DLP) capabilities have been expanded: 30 types of confidential information and tools for creating digital fingerprints of documents (document fingerprinting) have been added.
In Exchange Server 2016, failover is 33% faster than in the previous version, the company claims, by reading a passive copy of the database and other improvements.
Improved automatic error correction by adding discrepancy detection tools that proactively identify corrupted database instances, allowing IT to resolve failures before users notice them.
Cloud adoption made Exchange Server 2016 easier to use in a hybrid cloud environment. Microsoft has paid increased attention to this, as support for the hybrid model allows the company to differentiate its mail system against the backdrop of competing cloud products. The Hybrid Configuration Wizard is designed to combine cloud and on-premises email components, which allows you to synchronize data in Exchange and Office 365.
According to Microsoft, the capabilities of Exchange Server 2016 allow Office 365 users to store their mailboxes on their site, i.e., according to an unlimited model, while continuing to use Office 365 functionality such as message encryption and threat protection.
Exchange Server 2016 pre-release is compatible with Exchange 2010 SP3 and Exchange 2013, but not Exchange 2007.
2014: Microsoft System Center 2012 R2, Dynamics CRM 2013, Exchange Server 2013 and SharePoint Server 2013 products are certified by FSTEC of Russia
In October 2014, FSUE "Enterprise for the Supply of Products of the Office of the President of the Russian Federation" and LLC "Certified Information Systems" received certificates from the Federal Service for Technical and Export Control (FSTEC of Russia) for the software products Microsoft System Center 2012 R2, Dynamics CRM 2013, Exchange Server 2013 and SharePoint Server 2013.
As specified in the FSTEC of Russia certificates of conformity, the software products System Center 2012 R2 (certificate No. 3226), Dynamics CRM 2013 (certificate No. 3228), Exchange Server 2013 (certificate No. 3229) and SharePoint Server 2013 (certificate No. 3231), developed by Microsoft Corporation, are application software with built-in protection against unauthorized access to information that does not contain information constituting a state secret. They implement the functions of controlling the access of access subjects to access objects and recording security events, and comply with the requirements of the technical specifications, subject to the installation of all relevant mandatory certified security updates and the implementation of the operating instructions given in the relevant forms.
2013: Exchange Server 2013 Cumulative Update 3
In late November 2013, Microsoft released the Exchange Server 2013 Cumulative Update 3 email platform update. According to the corporation's plans, it should fix the problem that arises when restoring data.
Corrections
Among the fixes that Microsoft has made to this update is a problem that prevents Exchange data from being recovered from backups.
The company said in a corporate blog: "Cumulative Update 3 contains a fix for a problem that could randomly prevent Exchange Server 2013 from correctly restoring archived information." The impact of this spread to both Windows Server Backup and third-party products, noted in the KB2888315 Knowledge Base article, which describes the error.
The update is likely to get rid of troubles accompanied by error messages:
- "The Microsoft Exchange Replication service VSS Writer instance 'GUID' failed with error code 0x80070015 when preparing for a backup of database 'DatabaseName'".
- "The Microsoft Exchange Replication service VSS Writer could not obtain the log file signature for database 'DatabaseName'. The msexchangerepl service may need to be restarted and the backup retried after all copies reach a stable mounted or healthy state."
Microsoft recommends that users who regularly use the Exchange Backup and Recovery functionality "install Cumulative Update 3 and begin archiving their data to fully ensure that the data recorded in the archives can then be restored correctly."
The update fixes three critical vulnerabilities that potentially allow hackers to gain control of the Exchange server, or, in company terms, use "Remote Code Execution."
In security bulletin MS13-061, Microsoft warned: "these vulnerabilities make it possible to remotely execute code in the security context of the transcoding service on the Exchange server if the user previews a specially created file using Outlook Web App (OWA)." Vulnerabilities in Exchange affect the WebReady Document and Data Loss Prevention software components in Exchange 2013, 2010, and 2007.
In addition to patches, the update contains "Exchange-related Active Directory schema and configuration updates" and "new enhancements to existing functionality." Among them, Microsoft focused on:
- a more convenient procedure for adding members to new and existing groups in the Exchange Administration Console;
- online RMS and non-cloud options for Exchange deployments;
- a more visual administrative audit log;
- no need to use OWA Light if you have Windows 8.1 with IE11.
The company plans to release Exchange Server 2013 Cumulative Update 4 as Exchange Server 2013 Service Pack 1. According to Microsoft's recommendation, users waiting for the next package of fixes and enhancements "should consider Service Pack 1 the equivalent of Cumulative Update 4 and deploy this package in the usual way."
2012
Microsoft Exchange 2013
As of July 2012, Microsoft Exchange 2013 enhancements include improved functionality as well as support for team mailboxes to integrate with SharePoint portals. As part of support for offline mode in the OWA web client, users can now automatically synchronize emails and actions with the server as soon as the network connection is available again. Mailboxes for groups and sites allow you to work with Exchange emails and SharePoint documents as a single piece of information.
The Outlook Web App (OWA) module now offers three different interface modes optimized for PCs, tablets and phones. Customers can refine the appearance of standard Outlook and OWA by integrating their own applications into the Office extension store (Office Store). To create extensions, Microsoft recommends using its new Napa tool and/or HTML5.
The previous Exchange Management Console has been replaced by the EAC (Exchange Administrative Center) web interface. In addition, developers report support for up to 8 TB drives and multiple databases on each drive by grouping them using the new Database Availability Group (DAG) technology. The new version of Exchange has built-in basic malware protection, whose parameters are controlled through the EAC console. This basic protection can be disabled, replaced, or combined with additional paid services, such as Exchange Online Protection, for tiered protection.
New data loss prevention features help identify and protect sensitive information. Personal and secret data protection policies are based on legislative standards, including PII and PCI. In addition, Outlook 2013 now has warnings about potential policy violations if the user tries to send important information to the external environment. In addition, a single eDiscovery network resource survey is supported for all Exchange, SharePoint, and Lync servers through a common interface.
The number of server roles has been reduced to two, Client Access Server and Mailbox Server. FAST Search is now built into the managed storage of Exchange 2013, enabling efficient indexing of Microsoft servers and fast data retrieval. The procedures for storing messages in the Managed Store are fully written in C#. In addition, great attention is paid to integration with other Microsoft server platforms.
Exchange Server 2010 Certification with SP1 and System Center Service Manager 2010 with SP1
On April 2, 2012, Microsoft, FSUE "Enterprise for the Supply of Products of the Office of the President of the Russian Federation" and LLC "Certified Information Systems" announced certification by the Federal Service for Technical and Export Control (FSTEC of Russia) new Microsoft products - Exchange Server 2010 Email Server with Service Pack 1 (SP1) and System Center Service Manager 2010 Information Structure Management Server with Service Pack 1 (SP1).
As specified in the certificates for Exchange Server 2010 with SP1 (No. 2553 of 26.01.2012) and System Center Service Manager 2010 with SP1 (No. 2555 of 26.01.2012), these Microsoft products are general-purpose software with built-in protection against unauthorized access to information that does not contain information constituting a state secret, and can be used when creating automated systems up to and including 1G security class and when creating personal data information systems up to and including class 2.
The object of certification was not only the products themselves, but also the system for accounting and distribution of certified updates, organized for these products by the Federal State Unitary Enterprise "Enterprise for the Supply of Products of the Office of the President of the Russian Federation" and LLC "Certified Information Systems." This means that customers will be able to receive any number of certified products they need for the duration of the certificate. In addition, customers of certified versions of products will receive certified updates, which will allow them to constantly comply with the requirements of Russian legislation.
2010
Microsoft Exchange Server 2010
As of June 2010, Microsoft Exchange Server 2010 is an integrated enterprise messaging and collaboration solution. The technologies implemented in the solution simplify the administration of the mail system, provide voice control capabilities, including in Russian, and help reduce the cost of supporting IT infrastructure. Administrators will need to familiarize themselves with the distinctive features of the new version compared to the previous one, Microsoft Exchange Server 2007.
The main features of Microsoft Exchange are:
- Mail Processing and Forwarding
- Sharing calendars and tasks
- Mobile Support and Web Access
- Integration with Voice Messaging Systems (since Exchange 2007)
- Instant messaging support (support removed from Exchange 2003)
Features
The main feature of the server is tight integration with Active Directory: most of the user data is stored in Active Directory (the link between user accounts and mailboxes, contact lists). Only the mailboxes themselves are stored separately from Active Directory (due to their significant size). If you use multiple Microsoft Exchange servers, the Active Directory replication mechanism keeps the data on all servers up to date. A hierarchical system of trust relationships between domains is also supported "automatically".
IIS capabilities are used to work with OMA/OWA.
Supported protocols
- MAPI is the main protocol for client interaction with Exchange Server; it has the widest support for mail exchange and collaboration on documents, calendars and address books. Starting with Exchange Server 2007, it is also the primary communication protocol between the Mailbox role and other Exchange Server 2007 roles.
- SMTP is the main protocol for forwarding mail messages on the Internet and within the Exchange organization.
- POP3 is one of the client protocols for accessing Exchange Server.
- IMAP4 is one of the client protocols for accessing Exchange Server.
- HTTP/HTTPS is one of the client protocols for accessing Exchange Server; it is also used for mobile device access to Exchange Server and for forwarding and distributing address books and calendars to Exchange Server organization clients.
- LDAP/LDAPS (LDAP over SSL) is the protocol for communication between Exchange Server and the Microsoft Windows Active Directory service.
- DAVEx is, in Exchange 2003, the communication protocol between the Exchange subsystem and IIS, based on WebDAV.
The following clients can work with Microsoft Exchange Server
- Microsoft Outlook (from Microsoft Office) is the main MAPI client for working with the server from workstations; it also supports POP3/SMTP, IMAP4/SMTP, HTTPS, RSS and ATOM.
- Outlook Express (OE) is a free simplified Outlook client included in Microsoft Windows, up to Windows XP. It supports all the protocols of the full version except MAPI.
- Windows Mail, the successor to OE in Windows Vista, has the same characteristics.
- Outlook Web Access (OWA) is the Exchange web client (almost all Outlook functionality is supported, except for the ability to edit tasks from the scheduler and the local spam filter).
- Outlook Mobile Access (OMA) (Exchange 2000 and 2003 only) is an extremely simplified interface for access from mobile devices of various manufacturers (an interface that consumes minimal traffic and is optimized for screens of various resolutions). It was abolished in Exchange Server 2007 due to the global distribution of ActiveSync.
- ActiveSync is a mobile client, an analogue of Microsoft Outlook for communicators and smartphones from various manufacturers. For Exchange 2000 Server, mobile clients (Windows Mobile ActiveSync only) were supported by Microsoft Mobile Information Server; Exchange 2003 Server integrated these features as Exchange ActiveSync (EAS); for Exchange Server 2007, Microsoft opened and transferred the source code of the ActiveSync client to the consortium of Symbian, the manufacturer of Palm, and Apple for iPhone, and therefore ActiveSync for mobile devices was implemented not only for the Windows Mobile platform, but also for SymbianOS, PalmOS, iPhone OS and others.
- Outlook Voice Access (OVA) is a voice access system for mail functions, calendars, the address book and tasks (starting with Exchange Server 2007). It supports text-to-speech for reading text messages and scheduling events in the calendar, as well as speech-to-text. It supports listening to recorded telephone voice messages, dictating response messages and calendar notes, forwarding messages to all invitees, and managing text messages, voice messages and calendar events in the mailbox of an Exchange 2007 user. It does not require client software; OVA can be accessed from any phone that supports tone dialing. The contents of the mailbox can be controlled by both voice commands and telephone keys. 16 languages of access and recognition are supported. Support for the Russian language is implemented in the next version, Exchange 14, currently under development.
- Arbitrary mail clients can use any of the above protocols, since they are all open.
Backup
Microsoft Exchange Server, up to version 2003, extends the standard Windows archiving tool, NTBackup, with support for Exchange stores when it is installed. If you need to back up and restore not only mail stores but also personal mailboxes, you can use third-party backup tools, such as Symantec Backup Exec, or the standard Restore-Mailbox feature. In Microsoft Windows Server 2008, the NTBackup tool is absent and its analogue is unsuitable for archiving Exchange databases. Instead, Microsoft recommends using the Microsoft System Center Data Protection Manager (Microsoft SC DPM) server application for backing up Exchange mail databases, as well as Active Directory service information, or alternative solutions from approved vendors. The situation was fixed with the release of Service Pack 2 for Exchange 2007, which includes components for archiving partitions with Exchange databases in a Windows Server 2008 environment.
Microsoft also publishes a list of server applications from partner vendors for archiving Exchange Server storage. Backing up a store file by file, which is possible only if the store is disabled for the duration of the backup, is strongly discouraged. The shadow copy mechanism is supported, and the ability to use it depends on the product selected for archiving.
Microsoft Exchange Server 2007
As of April 2010, the Exchange 2007 server model defines the following server roles (similar to the roles in Windows Server 2003/2008):
- Mailbox server (MB)
- Client Access Server (CA)
- Hub Transport (HT)
- Edge Transport (ET)
- Unified Messaging (UM) Server
With the exception of the Edge role, all other roles can be combined in any combination on each of the servers. The Mailbox Server, Client Access Server, and Hub Transport roles must be installed in the entire Exchange mail organization or a separate Active Directory site. As with previous versions, combining Exchange Server 2007 with an Active Directory domain controller is strongly discouraged.
All Exchange Server 2007 roles must be located on:
- Windows Server 2008 or 2003 server operating systems,
- members of the Active Directory domain
except for the Edge Transport server, which is installed in the demilitarized zone (DMZ) of the network.
Exchange Server 2007 is fully compatible, within the Active Directory forest/Exchange organization, with Exchange 2003 and 2000 servers, and is completely incompatible with Exchange 5.5 or earlier.
Exchange 2007 versions
The versions used in practical work are only 64-bit, although there is a 32-bit test version. There are two editions of Exchange 2007: Standard Edition and Enterprise Edition. The editions differ in cost, in the maximum number of supported stores and storage groups, and in support for clustering. Storage size limits for the Standard and Enterprise editions are 16 TB per database, in order to distribute the load between the stores. Standard and Enterprise editions of servers are free to coexist (within the limits of Standard within the responsibilities of the server).