Security News > 2021 > March > CISA gives federal agencies 5 days to find hacked Exchange servers
The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days.
CISA issued another directive ordering federal agencies to urgently update or disconnect their Exchange on-premises servers after Microsoft released security updates for zero-day bugs collectively dubbed ProxyLogon.
Earlier this month, CISA officials said that, so far, no US federal civilian agencies were compromised in ongoing attacks targeting vulnerable Exchange servers.
"Specifically, this update directs federal departments and agencies to run newly developed tools -Microsoft's Test-ProxyLogon.ps1 script and Safety Scanner MSERT-to investigate whether their Microsoft Exchange Servers have been compromised," the CISA said.
The emergency directive also requires that all agencies further harden their on-premises Exchange servers by 12:00 PM EDT on Monday, June 28, 2021.
"Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review the supplemental direction [.] for additional information," CISA added.