Exchange Team Blog

You Had Me at EHLO..

  • 1,857 Blog Articles
313K
The_Exchange_Team on 03-02-2021 01:08 PM
10.3K
The_Exchange_Team on 02-25-2021 10:14 AM
10.6K
The_Exchange_Team on 02-22-2021 07:03 AM
7,176
The_Exchange_Team on 02-11-2021 07:26 AM
30K
The_Exchange_Team on 02-04-2021 09:00 AM
6,883
The_Exchange_Team on 02-03-2021 08:10 AM
7,410
The_Exchange_Team on 02-02-2021 08:56 AM
11.4K
The_Exchange_Team on 01-22-2021 03:03 PM
6,933
The_Exchange_Team on 01-21-2021 11:37 AM
12.7K
The_Exchange_Team on 01-19-2021 08:50 AM
8,062
The_Exchange_Team on 01-15-2021 09:23 AM
6,335
The_Exchange_Team on 01-11-2021 01:32 PM
51.6K
The_Exchange_Team on 12-15-2020 08:37 AM
13K
The_Exchange_Team on 11-19-2020 10:33 AM
10.6K
The_Exchange_Team on 11-17-2020 03:29 PM
13.4K
The_Exchange_Team on 10-29-2020 09:23 AM
23K
The_Exchange_Team on 10-27-2020 12:59 PM
12K
The_Exchange_Team on 10-22-2020 11:34 PM
18.8K
The_Exchange_Team on 10-19-2020 07:37 AM
9,882
The_Exchange_Team on 10-16-2020 11:16 AM
11.7K
The_Exchange_Team on 10-07-2020 06:32 AM
14.1K
The_Exchange_Team on 10-05-2020 11:34 AM
99.5K
The_Exchange_Team on 09-22-2020 08:01 AM
8,709
The_Exchange_Team on 09-22-2020 08:00 AM
9,016
The_Exchange_Team on 09-22-2020 08:00 AM
18.2K
The_Exchange_Team on 09-22-2020 08:00 AM
13.4K
The_Exchange_Team on 09-22-2020 08:00 AM
20.8K
The_Exchange_Team on 09-22-2020 08:00 AM
10.2K
The_Exchange_Team on 09-16-2020 12:32 PM
40.7K
The_Exchange_Team on 09-15-2020 07:00 AM

Latest Comments

We are seeing HTTP status code 241 in IIS logs taken from compromised Exchange servers - is this something that anyone else has noticed, or is there someone at Microsoft who can corroborate this unusual code appearing in logs?
0 Likes
@Nino Bilic Thanks Nino. I saw that and just ran it this morning. Came back clean. So I feel based on the information we have up to this point we were very lucky. Do you think it can be said with reasonable confidence that if all you found were Autodiscover log entries and MSERT did not find anythin...
0 Likes
@JamesTechnet - FYI, there is a new development that can help here (with remediation): the MSTIC team has updated their post about March vulnerabilities (scroll all the way down) to mention that the Microsoft Safety Scanner - MSERT tool has been updated to scan Exchange server.
1 Likes
Hey everyone, Regarding folks who only saw autodiscover attempts for the administrator email (myself included), I made a poll on Reddit to try to gather more info to see if everyone who had further signs of compromise such as webshells being dropped actually had an active administrator account. If y...
0 Likes
Hi, can someone help verify that the steps to put Exchange into maintenance mode in this article are valid? https://ehloexchange.com/exchange-maintenance-mode/ So after putting Exchange in maintenance mode > run ELEVATED command prompt to install the update. Once the update completes and the server is restarted, ...
0 Likes