hafnium exploit

It's episode 900! Richard brings friend Dana Epp onto the show to talk a bit about the last one hundred episodes of RunAs Radio - and a little look to the future as well. With Dana around, you know there will be lots of security conversation. Over the past hundred shows, ransomware has had quite the story arc, especially around Exchange Server and other products. The conversation then turns to more future-looking topics, including the various Microsoft Copilots being built - could these be tools to help sysadmins? Probably a topic for episode 1000!

Links:

• Windows Sandbox
• Microsoft Viva
• Microsoft Purview Data Loss Prevention

Recorded September 15, 2023

Is your Exchange server one of the vulnerable ones? Richard talks to Gareth Gudger about the ongoing security concerns around on-premises Exchange servers. The conversation addresses a blog post by the Exchange server team about restricting access of potentially vulnerable Exchange servers to Exchange Online. But, as Gareth explains, this has to do with hybrid Exchange, where your on-premises server can access Exchange Online in a privileged state. What is the right thing to do to limit exploits in Exchange? Keeping up with the latest versions, patching, and ultimately maintaining your entire infrastructure, especially Active Directory - all play a role in securing on-premises infrastructure. Stay vigilant!

Links:

• Blocking Email from Vulnerable Exchange Servers
• Tony Redmond's Comment on the Blog Post
• Deprecation of Remote PowerShell
• Re-enabling or Extending RPS
• Exchange Online PowerShell v3
• Exchange Server 2013 End of Support
• Turning off your Last Exchange Server
• Office 365 for IT Pros

Recorded April 4, 2023