Stay updated on the latest in Office 365 and Exchange Server security. Explore Priasoft’s expert tips and solutions to protect your IT environment.

Priasoft Migration Suite for Exchange (PMSE)

On April 14, 2026, Microsoft issued the last security patch it will ever release for Exchange Server 2016 and Exchange Server 2019. If your organization is still running either version, you are now on a server that cannot be secured — only replaced.

This is not a grace period. Extended Security Updates are over. The patch window is closed permanently.

What End of Extended Support Actually Means

Microsoft’s support lifecycle has two phases: mainstream support (new features, bug fixes, security patches) and extended support (security patches only). Exchange 2019 mainstream support ended January 9, 2024. Extended support ended April 14, 2026.

After extended support ends, Microsoft stops publishing security updates. Researchers continue finding vulnerabilities. Attackers continue exploiting them. Your server does not get fixed.

For a system that handles authentication, inbound SMTP, and in many organizations, calendar and contacts for the entire company, that is a meaningful exposure.

The Enforcement System That Is Already Running

Microsoft has a live transport enforcement system in Exchange Online that identifies “persistently vulnerable” on-premises servers and throttles, then blocks, their ability to send mail to Exchange Online. The system has been active since 2025 and covers any server that is end-of-life or significantly behind on patches.

With Exchange 2019 now permanently unpatched, servers running it will eventually trigger this system. The timeline depends on when new vulnerabilities are discovered and when Microsoft’s scanner flags your specific build. But the direction is clear: staying on Exchange 2019 is not a stable long-term posture.

Once flagged, you have 90 days to remediate before mail flow is blocked. Remediation at that point means migration — there are no more patches to apply.

What IT Teams Should Do This Month

If you are running Exchange 2016 or 2019, here are the immediate steps:

  • Confirm your current build. Run Get-ExchangeDiagnosticInfo or check the Exchange Admin Center. Know your exact version and CU level.
  • Apply the last available CU and SU now. Exchange 2019 CU15 with the April 2025 Security Update is the final patch set. If you have not applied it, do so immediately — it is the last protection you will get.
  • Audit your hybrid configuration. Understand how your on-premises server connects to Exchange Online. Note any applications using EWS, SMTP AUTH, or Basic authentication — each of these has a 2026 deprecation deadline.
  • Identify what is keeping you on-premises. For most organizations still on Exchange 2019, the answer is public folders. Audit them with Public Folder Analyzer — free, runs in under an hour, gives you the scope you need to plan migration.
  • Start planning the migration now. Not next quarter. The 90-day enforcement clock starts the moment Microsoft flags your server. You do not control when that happens.
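A starting point for the first and third steps, as an added example that is not Priasoft's or Microsoft's own code: it lists every server's build, then shows the receive connectors that still accept Basic authentication and the connectors and hybrid settings that carry mail to Exchange Online. It uses Get-ExchangeServer rather than the cmdlet named in the first step, and the variable names are illustrative.

```powershell
# Added example (not from the original article). Run in the Exchange
# Management Shell on an on-premises server.

# Step 1: list every Exchange server with its build number.
# 15.1.x is Exchange 2016; 15.2.x is Exchange 2019 or Exchange SE.
$servers = Get-ExchangeServer | ForEach-Object {
    # AdminDisplayVersion renders like "Version 15.2 (Build 1234.5)"
    # (constructed sample numbers).
    $text = [string]$_.AdminDisplayVersion
    if ($text -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
        $build = '{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4]
    } else {
        $build = $text   # unexpected format: report it unchanged
    }
    [pscustomobject]@{ Server = $_.Name; Roles = [string]$_.ServerRole; Build = $build }
}
$servers | Sort-Object Server | Format-Table -AutoSize

# Step 3: receive connectors that still offer Basic authentication
# (AuthMechanism values BasicAuth and BasicAuthRequireTLS both match).
Get-ReceiveConnector |
    Where-Object { $_.Enabled -and ([string]$_.AuthMechanism -match 'BasicAuth') } |
    Format-Table Identity, AuthMechanism, PermissionGroups -AutoSize -Wrap

# Step 3: how on-premises mail reaches Exchange Online. Hybrid send
# connectors have CloudServicesMailEnabled set.
Get-SendConnector |
    Where-Object { $_.CloudServicesMailEnabled } |
    Format-List Identity, Enabled, AddressSpaces, SmartHosts, SourceTransportServers, TlsDomain

# Step 3: the hybrid configuration object, if the Hybrid Configuration
# Wizard has been run in this organization.
Get-HybridConfiguration |
    Format-List Domains, Features, SendingTransportServers, ReceivingTransportServers
```

Compare each reported build with Microsoft's published Exchange build-number list to confirm the CU and SU level.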

The Other 2026 Deadlines You Need to Know

Exchange 2019 reaching end of support is the headline, but it lands alongside several other Microsoft deprecations that affect hybrid environments:

  • SMTP AUTH Basic auth — retired from Exchange Online in March 2026
  • Legacy ActiveSync clients below EAS 16.1 — blocked from Exchange Online as of March 1, 2026
  • Exchange Web Services (EWS) in Exchange Online — phased retirement begins October 1, 2026; full shutdown April 2027

If your environment touches any of these — and most hybrid environments do — the window to act without disruption is narrowing.

The Path Forward

For most organizations, migration to Exchange Online is the right answer. For those with regulatory or operational reasons to stay on-premises, Exchange Server Subscription Edition (Exchange SE) is the current supported version.

Either way, the migration off Exchange 2019 is not optional — it is a matter of when, and whether you control the timing or Microsoft’s enforcement system does.

Priasoft’s Migration Suite for Exchange handles Exchange-to-Exchange and Exchange-to-Office 365 migrations including cross-forest, inter-org, and hybrid scenarios. Speak with an engineer about your environment, or start with a free trial download.

Exchange public folder security risks for IT managers

Discover the hidden dangers of public folders and the alarming state of their security. Learn how to mitigate risks.

Priasoft - Email Blocking
Last reviewed: April 2026 — checked against current Microsoft product lifecycle and Exchange Online enforcement timelines.

Microsoft has issued an alert regarding the risks of unaddressed Exchange Server patching and security issues that can impact email delivery speed and potentially lead to email throttling if not addressed. If these issues are not resolved within 30 days, emails may be blocked, causing severe disruptions in communication with customers and partners. Read on for vital information on how to mitigate these risks and safeguard your email operations.

Microsoft’s recent announcement highlights that unresolved issues on unsupported or outdated on-premises Exchange servers can result in security and other potential risks. Customers should address these issues as quickly as possible to avoid Microsoft taking action in the form of email throttling, which causes significant delays in email delivery. This can lead to missed opportunities, frustrated customers, and damaged business reputation. However, the urgency goes beyond that. If these issues are not addressed within 30 days, Microsoft may take further action and block emails from these servers, resulting in disruptions in communication.

“We’ve said many times that it is critical for customers to protect their Exchange servers by staying current with updates and by taking other actions to further strengthen the security of their environment.” (Microsoft)

To avoid such consequences, it’s crucial to take immediate action. Here are critical steps to protect your business:

  1. Address Known Issues: Conduct a comprehensive review of your Exchange servers for any known issues or errors and resolve them promptly. This may involve applying relevant patches, updates, or configuration changes to eliminate potential bottlenecks in email delivery.
  2. Keep Exchange Servers Up to Date: Ensure your Exchange servers are running the latest supported version and have all the necessary security updates applied. Regularly monitor for new updates and apply them promptly to maintain a secure and reliable email communication environment.
  3. Monitor Email Delivery Speed: Keep a close eye on the speed of email delivery from your Exchange servers to Exchange Online. If you notice significant delays, investigate and resolve any potential throttling issues promptly to prevent prolonged disruptions.
  4. Seek Expert Assistance: If you’re unsure about the status of your Exchange servers or need help with addressing issues and monitoring email delivery speed, consider seeking assistance from IT professionals or Microsoft support for timely resolution.
  5. Leverage the new Mail Flow Report: Microsoft will release a new report in the Admin Center that will provide information about the unsupported Exchange servers in your environment.

The risks of unaddressed issues on your on-premises Exchange servers are imminent, with the potential for email throttling and complete blockage within 30 days. Don’t wait for disruptions to occur – take immediate and proactive steps to address known issues, keep your Exchange servers up to date, monitor email delivery speed, and seek expert assistance if needed.

In conclusion, Microsoft’s urgent alert underscores the need for immediate action to mitigate risks and ensure uninterrupted email operations. Take the necessary steps to address issues, keep your Exchange servers up to date, monitor email delivery speed, and seek expert assistance if required. By taking proactive action now, you can prevent email throttling, potential blockage, and maintain seamless email communication with your customers and partners. Act urgently to safeguard your business from the risks of unaddressed issues on your Exchange servers.

To learn more see Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online.

Office365 Secret Cloud

Microsoft Office 365 is now available for US National Security Missions.

The Office 365 Secret Cloud provides a secure and compliant cloud environment for classified communications and collaboration. This capability is critical for national security agencies that need to protect sensitive information from cyber threats and foreign adversaries.

The Office 365 Secret Cloud is built on Microsoft’s Government Community Cloud (GCC) High infrastructure, which has been authorized by the Department of Defense (DoD) for Impact Level 5 (IL5) workloads. The IL5 designation means that the cloud environment is suitable for the most sensitive unclassified and classified information, including national security data.

One of the key benefits of the Office 365 Secret Cloud is that it enables collaboration and communication between different national security agencies. With traditional communication methods, it can be difficult to share information between agencies due to security concerns and restrictions. The Office 365 Secret Cloud allows authorized personnel from different agencies to securely collaborate and communicate in real-time, making it easier to share information and coordinate efforts.

The Office 365 Secret Cloud also provides a range of security features to protect classified information. These include multi-factor authentication, encryption at rest and in transit, and threat detection and response capabilities. In addition, Microsoft employs a dedicated team of security experts who monitor the environment 24/7 and respond to any security incidents that may occur.

The availability of the Office 365 Secret Cloud for US National Security Missions is a significant milestone for Microsoft and for the national security community. It demonstrates Microsoft’s commitment to providing secure and compliant cloud solutions for the most sensitive workloads, and it enables national security agencies to work more efficiently and effectively by providing a secure environment for collaboration and communication.

In conclusion, the Office 365 Secret Cloud is a game-changer for US National Security Missions. It provides a secure and compliant cloud environment for classified communications and collaboration, enabling national security agencies to work more efficiently and effectively. With the Office 365 Secret Cloud, authorized personnel from different agencies can securely collaborate and communicate in real-time, making it easier to share information and coordinate efforts. This capability is critical for protecting national security data from cyber threats and foreign adversaries.

Speak to an Engineer

To learn more or to start a project discussion – Request to speak to an Engineer.


Microsoft Outlook is one of the most popular email clients, used by millions of individuals and businesses worldwide, and it is the target of the latest Outlook security threat. It provides a user-friendly interface and advanced features for managing emails, calendars, tasks, and contacts. However, like any other software, Outlook is not immune to security vulnerabilities, and cybercriminals often target it to exploit such vulnerabilities for their nefarious activities.

Recently, Microsoft released a security advisory about a critical vulnerability that affects various versions of Microsoft Outlook on Windows and Mac operating systems. This vulnerability, tracked as CVE-2021-28482, is a remote code execution flaw that can enable an attacker to execute malicious code on the victim’s system by sending a specially crafted email to their Outlook account.

The vulnerability can be exploited when the user opens an email containing a specially crafted file that triggers the execution of the malicious code. Once executed, the attacker can take over the victim’s system, steal sensitive data, install malware, and carry out other cyber attacks.

To protect yourself from this vulnerability, it is essential to take the following steps:

  • Update your Outlook software immediately: Microsoft has released security patches for all affected versions of Outlook. Users should install the latest updates as soon as possible to prevent exploitation of the vulnerability. If you have enabled automatic updates, you may already have received the update. If not, check for updates and install them immediately.
  • Be cautious when opening emails from unknown senders or suspicious emails: To prevent exploitation of the vulnerability, it is crucial to be wary of any unsolicited emails or emails from unknown senders. If you receive an email from an unknown sender, do not open it and delete it immediately. If you receive an email with suspicious attachments, do not open the attachments or click on any links within the email.
  • Use antivirus software: Antivirus software can help prevent malicious code from executing on your system. It can detect and block malware and other cyber threats, including those that exploit vulnerabilities in Outlook.
  • Keep your operating system and other software up-to-date: Outdated software, including your operating system and other applications, can create security vulnerabilities that can be exploited by cybercriminals. Make sure to install updates regularly to keep your system secure.

In conclusion, the latest critical vulnerability in Microsoft Outlook highlights the importance of taking proactive steps to secure your system. By updating your software, being cautious when opening emails, using antivirus software, and keeping your operating system and other software up-to-date, you can help protect yourself and your data from cyber threats.

Exchange Server Hacker
The cyberespionage group Turla has reportedly developed a sophisticated Microsoft Exchange server backdoor that can redirect, intercept and modify email, and that is believed to have been in use since 2014. In addition, the backdoor can send messages on behalf of the compromised servers. According to the ESET report, LightNeuron has two main components: a Transport Agent, registered in the Microsoft Exchange configuration, and a DLL with most of the malicious code. Administrative privileges are required to drop the required files onto the Microsoft Exchange server before execution. Once successfully executed, the hackers that installed the backdoor can issue orders using JPG or PDF attachments with commands embedded via steganography. To learn more, see the detailed ESET report.

Scammers are exploiting auto-forwarding rules to boost the success rate of so-called Business Email Compromise (BEC) attacks, the FBI said in a statement.

BEC is a sophisticated scam targeting businesses that perform electronic payments such as wire or automated clearing house transfers. A cyber criminal initially compromises a business email account through social engineering or computer intrusion techniques. Following the initial intrusion, the cyber criminal uses the system access to conduct reconnaissance on the victim’s email communications. Using information gathered from the compromised accounts and reconnaissance efforts created by system access following the initial intrusion, the cyber criminal then impersonates an employee over email communications to redirect pending or future payments to fraudulent bank accounts.

BEC actors create auto-forwarding rules within email accounts after they obtain employee credentials to decrease the victims’ ability to observe fraudulent communications. This allows cyber-criminals to better conceal their scamming activities, the FBI said, adding that scammers are doing this as the COVID-19 pandemic necessitates more teleworking, another factor increasing the likelihood of success.

To learn more, see the FBI statement located here.
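One way to audit for the auto-forwarding described above, as an added example that is not part of the FBI statement or the original article: it reports mailbox-level forwarding and inbox rules that send mail to addresses outside the organization's accepted domains. The function name Get-ExternalTarget and the output column names are illustrative.

```powershell
# Added example (not from the FBI statement or the original article).
# Run in an Exchange Online PowerShell or Exchange Management Shell session.

# Domains the organization accepts mail for count as internal.
$internal = @(Get-AcceptedDomain | ForEach-Object { ([string]$_.DomainName).ToLower() })

function Get-ExternalTarget {
    # Returns the SMTP addresses in $Recipients whose domain is not internal.
    # Rule recipients render as '"Name" [SMTP:user@domain]', mailbox-level
    # forwarding as 'smtp:user@domain'. Directory recipients ('[EX:...]')
    # are skipped here; a mail contact can still point outside.
    param([object[]]$Recipients, [string[]]$InternalDomains)
    foreach ($r in $Recipients) {
        if ([string]$r -match 'smtp:([^\]\s]+@([^\]\s]+))') {
            if ($InternalDomains -notcontains $Matches[2].ToLower()) { $Matches[1] }
        }
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $owner = [string]$mbx.PrimarySmtpAddress

    # Forwarding configured on the mailbox itself, outside any inbox rule.
    $ext = @(Get-ExternalTarget -Recipients $mbx.ForwardingSmtpAddress -InternalDomains $internal)
    if ($ext.Count) {
        [pscustomobject]@{
            Mailbox   = $owner; Source = 'Mailbox forwarding'; Rule = ''
            Targets   = $ext -join '; '
            # Not keeping a copy means the owner never sees the mail.
            HidesMail = -not $mbx.DeliverToMailboxAndForward
        }
    }

    # Inbox rules that forward or redirect to an outside address.
    foreach ($rule in Get-InboxRule -Mailbox $owner) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        $ext = @(Get-ExternalTarget -Recipients $targets -InternalDomains $internal)
        if ($ext.Count) {
            [pscustomobject]@{
                Mailbox   = $owner; Source = 'Inbox rule'; Rule = $rule.Name
                Targets   = $ext -join '; '
                # Deleting the original keeps the owner from seeing the mail.
                HidesMail = [bool]$rule.DeleteMessage
            }
        }
    }
}

$findings | Sort-Object Mailbox | Format-Table -AutoSize -Wrap
```

Each row is a lead to confirm with the mailbox owner, since some external forwarding is legitimate.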
Priasoft - Edge blocking
Exchange Server Hacker

A new research article by cyber-security firm ESET outlines a complex backdoor hack specifically targeting Microsoft Exchange servers.

The exploit, called LightNeuron, works as an MTA agent and allows hackers to gain full control over all mail traffic, including the ability to intercept, redirect, or modify the content of inbound and outbound messages. Obviously, this is a serious systems compromise that can easily go undetected.

This exploit is the real deal and has been tied to a group of hackers known as Turla APT who have been credited with some complicated and destructive hacks.

Once a Microsoft Exchange server is infected, hackers never need to connect to it directly. Instead, they send command and control emails with hidden commands embedded in PDF or JPG attachments using a strategy known as steganography.

We encourage you to review the ESET white paper that outlines the attack in more detail and also provides detailed removal instructions.

Download the white paper here.
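Because both descriptions above say LightNeuron registers itself as a Transport Agent backed by a DLL, a defender can inventory the registered agents and check who signed each assembly. The following is an added example, not taken from the ESET white paper or the original article; the function name Get-AgentAssemblyReport and the Review column are illustrative.

```powershell
# Added example (not from the ESET report or the original article). Run in
# the Exchange Management Shell locally on each Exchange server, because
# AssemblyPath is a path on that server's own disk.

function Get-AgentAssemblyReport {
    param(
        [Parameter(Mandatory)] $Agent,   # one object from Get-TransportAgent
        [string]$Service                 # transport service it was listed under
    )
    $path = [string]$Agent.AssemblyPath
    $sig = $null; $file = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $file = Get-Item -LiteralPath $path
    }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Service   = $Service
        Agent     = [string]$Agent.Identity
        Enabled   = $Agent.Enabled
        Priority  = $Agent.Priority
        Factory   = $Agent.TransportAgentFactory
        Assembly  = $path
        Modified  = if ($file) { $file.LastWriteTimeUtc } else { $null }
        Signature = if ($sig) { [string]$sig.Status } else { 'FileNotFound' }
        Signer    = $signer
        # A review flag, not a verdict: legitimate third-party agents
        # (for example mail-hygiene products) are flagged as well.
        Review    = ($null -eq $sig) -or ($sig.Status -ne 'Valid') -or
                    ($signer -notmatch 'O=Microsoft Corporation')
    }
}

# Hub and FrontEnd are the transport services on a Mailbox server; use
# 'Edge' instead on an Edge Transport server.
$report = foreach ($svc in 'Hub', 'FrontEnd') {
    Get-TransportAgent -TransportService $svc |
        ForEach-Object { Get-AgentAssemblyReport -Agent $_ -Service $svc }
}

$report | Sort-Object Service, Priority |
    Format-Table Service, Priority, Agent, Enabled, Signature, Review -AutoSize
$report | Where-Object Review | Format-List
```

Any agent nobody on the team can account for is the one to compare against the indicators and removal instructions in the ESET white paper.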


On January 22, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 19-01, outlining steps you can take to mitigate a newly discovered threat: DNS tampering and hijacking.

Hackers who capture, through phishing or other means, user credentials that have the authority to make changes to the Domain Name System (DNS) have been redirecting web, email, and potentially other traffic to systems they control. In some instances they intercept the data and can even store and forward it, which further hides the malicious activity and helps avoid or prolong detection by the targeted entity.

At Priasoft, we understand that security is a top concern for IT, and we are working hard on new security technologies, coming to market in Q3 2019, that can mitigate this type of threat. We have several security products in development to address the security vectors we see as underserved and unprotected, including DNS and email phishing. If you would like to receive early notification as we complete the testing, development, and release cycles, please contact us here.

We have outlined the background in the directive below and encourage administrators that have credentials to manage DNS to review key DNS records, change their passwords, and fully read the DHS directive to avoid being compromised by this latest attack technique.

Background from the DHS Directive

Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services.

  1. The attacker begins by compromising user credentials, or obtaining them through alternate means, of an account that can make changes to DNS records.
  2. Next, the attacker alters DNS records, like Address (A), Mail Exchanger (MX), or Name Server (NS) records, replacing the legitimate address of a service with an address the attacker controls. This enables them to direct user traffic to their own infrastructure for manipulation or inspection before passing it on to the legitimate service, should they choose. This creates a risk that persists beyond the period of traffic redirection.
  3. Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization’s domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data. Since the certificate is valid for the domain, end users receive no error warnings.
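The record changes in step 2 can be caught by comparing live answers with a reviewed baseline. The following is an added example, not part of the DHS directive or the original article; the domain example.com, the baseline values, the resolver address and the function names are constructed placeholders or assumptions.

```powershell
# Added example (not from the DHS directive or the original article).
# example.com, the record values and the resolver choice are constructed
# placeholders; replace them with your own reviewed baseline.
$baseline = @{
    'example.com|A'  = @('192.0.2.10')
    'example.com|MX' = @('mail.example.com')
    'example.com|NS' = @('ns1.example.net', 'ns2.example.net')
}
$resolver = '1.1.1.1'   # a resolver outside your own network (assumption)

function Get-RecordValue {
    # Returns the answer values for one name and type, lower-cased and sorted.
    param([string]$Name, [string]$Type, [string]$Server)
    $answers = Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $Type }
    $values = switch ($Type) {
        'A'  { $answers.IPAddress }
        'MX' { $answers.NameExchange }
        'NS' { $answers.NameHost }
    }
    @($values | Where-Object { $_ } |
        ForEach-Object { ([string]$_).ToLower().TrimEnd('.') } | Sort-Object -Unique)
}

function Compare-DnsBaseline {
    # Pure comparison: one object per record set that differs from the baseline.
    param([hashtable]$Baseline, [hashtable]$Observed)
    foreach ($key in $Baseline.Keys) {
        $expected = @($Baseline[$key] | ForEach-Object { $_.ToLower() })
        $actual   = @($Observed[$key] | Where-Object { $_ })
        $added    = @($actual   | Where-Object { $expected -notcontains $_ })
        $missing  = @($expected | Where-Object { $actual -notcontains $_ })
        if ($added.Count -or $missing.Count) {
            [pscustomobject]@{
                Record     = $key
                Unexpected = $added -join ', '
                Missing    = $missing -join ', '
            }
        }
    }
}

$observed = @{}
foreach ($key in $baseline.Keys) {
    $name, $type = $key -split '\|'
    $observed[$key] = Get-RecordValue -Name $name -Type $type -Server $resolver
}
Compare-DnsBaseline -Baseline $baseline -Observed $observed | Format-Table -AutoSize -Wrap
```

No output means the live records match the baseline. The certificate issuance in step 3 does not show up in DNS answers and is watched separately through Certificate Transparency logs.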

In closing, attackers are becoming more and more creative in the types of attacks they use, and this DNS attack is just one of the many new threat vectors IT needs to monitor and secure. More than ever, IT needs to remain diligent to avoid becoming a victim of these attacks.