Security News > 2021 > March > CISA Orders Federal Agencies to Patch Exchange Servers

CISA Orders Federal Agencies to Patch Exchange Servers
2021-03-04 17:08

"CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action," reads the March 3 alert.

"With organizations migrating to Microsoft Office 365 en masse over the last few years, it's easy to forget that on-premises Exchange servers are still in service," Saryu Nayyar, CEO, Gurucul, said via email.

CISA is requiring federal agencies to take several steps in light of the spreading attacks.

If no indicators of compromise have been found, agencies must immediately patch, CISA added.

If agencies can't immediately patch, then they must take their Microsoft Exchange Servers offline.

"The increasing role of government agencies in leading a coordinated response against attacks. CISA's directive for agencies to report back on their level of exposure, apply security fixes or disconnect the program is the latest in a series of increasingly regular emergency directives that the agency has issued since it was established two years ago. Vulnerabilities like these demonstrate the necessity for these coordinated national protective measures to efficiently and effectively mitigate the effects of attacks that could have major national security implications."


News URL

https://threatpost.com/cisa-federal-agencies-patch-exchange-servers/164499/