CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers
The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
March 4, 2021
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today issued an emergency directive calling for civilian federal agencies with on-premises Microsoft Exchange Servers to either update their software with newly released Microsoft patches or take the products offline until they can patch them.
ED-21-02 also calls for agencies to gather forensic images and, after patching, to look for known indicators of compromise in the wake of Microsoft's revelation that four zero-day flaws in Exchange are being abused by a nation-state group believed to be out of China. CISA also published technical details and indicators of compromise today.
"This Emergency Directive will help us secure federal networks against the immediate threat while CISA works with its interagency partners to better understand the malicious actor’s techniques and motivations to share with our stakeholders," said Acting CISA Director Brandon Wales. "The swiftness with which CISA issued this Emergency Directive reflects the seriousness of this vulnerability and the importance of all organizations – in government and the private sector – to take steps to remediate it."
CISA said it worked with the National Security Agency, Microsoft, and security researchers to provide detection and mitigation steps for the threats.