Microsoft Exchange Server Vulnerabilities

Dear customer,

We are working on the aftermath of the massive exchange vulnerability that was made public this week, we also had exchange servers of customers actively attacked, fortunately it looks as if no data was stolen and no further servers were compromised. The servers do not have webshells or similar installed, however, we are purging and reinstalling all components that were involved.

We are also reviewing all network activity.

We are allocating a lot of resources to this, therefore please understand if reaction times are a little slower for the coming 1-2 weeks.
With the history of massive breaches, also and especially in cyber security companies, we are also reviewing our security and network infrastructure, the results will be share with you in a way that we might encourage changes in your architecture as well.

Best regards,
Your MCON Managed Services Team

Patchtime managament 2021 Region America and APAC

Dear customer,

year 2020 is ending and we want to wish you a happy new year 2021!

We also want to inform you about some changes in our regular security patching which needs to be done as there are many systems in many time zones meanwhile.

In order to give each system the attention which it may need after patching we will patch by region on different days.

Europe Region: we will keep the current patching, means

    • QA systems will be patched on Thursday after 2nd Tuesday each month
    • Production systems will be patched on Friday after 2nd Tuesday each month

America Region:

    • QA: On the 3rd Tuesday of each month
    • Production: The 3rd Tuesday to Wednesday night of each month

APAC Region:

    • QA: On Thursday after each 3. Tuesday of the month
    • Production: The Thursday to Friday night after each 3. Tuesday of the month

As usual patching of production systems will take place in the first hours of the day, e.g. “Friday” usually means from Friday 0 am to 5 am within the respective time zone. Patching of Development systems take place at 10 AM, QA / Stage systems take place at 2 PM.

We will send upfront notifications with exact dates as usual, however per region in future. If you have systems in several regions then you will receive several notifications.The dates for patching in Europe will stay the same as before.

We reserve the right to move patch dates, e.g. due to national holidays or later availability of upstream patches,

All the best
Your MCON Managed Services Team


As our customer you know that security of your project is our major concern. We are therefore happy to announce the availability of continuous vulnerability scanning as part of our services. We are strongly recommending continuous vulnerability scanning for all kinds of applications including rest APIs.

Our partner CRASHTEST SECURITY is providing best in class security scanning, e.g. detect OWASP top 10 vulnerabilities and provide remediation links. Scan results will be delivered to you seamlessly through our MCON infrastructure. Please get in touch with Guenther Kreuzpaintner for more details.

Coronavirus/COVID 19 – Business Continuity

Due to recent events involving the spread of the Coronavirus/COVID 19 Pandemic, we would like to inform you about our Business Continuity Plan at MCON.

We activated Coronavirus related policies around the globe for all our offices and teams. In general our business is highly independent from office locations. All governmental requests, suggestions and policies for the different regions are met and MCON will be adjust its policies as official announcements are updated. MCON will support all efforts to decelerate the spreading of the virus.

Our teams are used to have daily global standup meetings via zoom video conferencing, communication channels like IM have been implemented ages ago and are used on a daily basis, so working from home office does not disrupt our services at all. The team in China is already working from home office since Chinese New Year. All external meetings and business travel have been reduced to an absolute minimum.

We are happy and thankful that as of yet, we have had not a single case of infection with the Coronavirus in our staff or their families around the world.

You should not experience any change or disruption in the services we provide.

Thank you for your consideration and all the best for you, your co-workers and your families.

Data breach at Amazon Web Services (AWS)

On the morning of 13 January 2020, an Amazon technical employee shared sensitive information on Github. The public repository contained personal identity documents, system credentials, passwords and AWS key pairs. While the breach was detected within half an hour by a cybersecurity company and deleted from Github within about 5 hours, attackers could have gained root access to AWS accounts.

MCON clients and partners can rest assured that their data and credentials are not compromised by the data breach above. We never share credentials – not even with AWS – and all credentials are stored encrypted inside secure MCON facilities. 

If you use AWS services or AWS credentials not secured and monitored by MCON, you might want to investigate further to make sure neither your databases, nor mail servers hosted on AWS are affected.