Security News > 2021 > March > DHS orders agencies to urgently patch or disconnect Exchange servers
The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks.
CISA "Strongly" recommended federal agencies to examine their networks to detect malicious activity related to zero-day attacks targeting Exchange servers.
"If no indications of compromise have been found, agencies must immediately apply Microsoft patches for Microsoft Exchange servers and proceed to Action 5," CISA added.
Agencies that identify indications of compromise should "Immediately disconnect Microsoft Exchange on-premises servers" and "Await guidance before rebuilding from trusted sources utilizing the latest version of the product available."
The attacks target US organizations from multiple industry sectors and are attempting to exploit Internet-exposed on-premises Exchange servers to steal sensitive information.
Microsoft identified a fourth Chinese-backed group named Hafnium observed while attacking US orgs' on-premises Exchange servers.