Security News > 2021 > March > CISA Orders Federal Agencies to Patch Exchange Servers
"CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action," reads the March 3 alert.
"With organizations migrating to Microsoft Office 365 en masse over the last few years, it's easy to forget that on-premises Exchange servers are still in service," Saryu Nayyar, CEO, Gurucul, said via email.
CISA is requiring federal agencies to take several steps in light of the spreading attacks.
If no indicators of compromise have been found, agencies must immediately patch, CISA added.
If agencies can't immediately patch, then they must take their Microsoft Exchange Servers offline.
"The increasing role of government agencies in leading a coordinated response against attacks. CISA's directive for agencies to report back on their level of exposure, apply security fixes or disconnect the program is the latest in a series of increasingly regular emergency directives that the agency has issued since it was established two years ago. Vulnerabilities like these demonstrate the necessity for these coordinated national protective measures to efficiently and effectively mitigate the effects of attacks that could have major national security implications."
News URL
https://threatpost.com/cisa-federal-agencies-patch-exchange-servers/164499/
Related news
- You probably want to patch this critical GitHub Enterprise Server bug now (source)
- CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September (source)
- To patch this server, we need to get someone drunk (source)
- CISA warns of actively exploited Apache HugeGraph-Server bug (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)