Security News > 2021 > April > DHS Gives Federal Agencies 5 Days to Identify Vulnerable MS Exchange Servers

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has issued a supplemental directive requiring all federal agencies to identify vulnerable Microsoft Exchange servers.

Providing additional direction on the implementation of CISA Emergency Directive 21-02, which on March 3 requested federal agencies to take the necessary steps to disconnect and update Exchange servers, the new directive demands agencies to accelerate the mitigation process.

The new requirements are meant to complement the initial directive and apply to all operational Exchange servers that are either hosted by or on behalf of federal agencies and which had been connected to the Internet "At any time since January 1, 2021.".

CISA says that federal agencies did respond to the Emergency Directive and triaged and updated Exchange servers hosted in the federal enterprise, but also notes that the new directions are meant to help identify possibly undetected compromise.

"Since the original issuance of ED 21-02, Microsoft has developed new tools and techniques to aid organizations in investigating whether their Microsoft Exchange servers have been compromised. CISA also identified Microsoft Exchange servers still in operation and hosted by federal agencies that require additional hardening," CISA said in an advisory.

"MSERT only scans when manually triggered and it is updated frequently. Agencies must download the latest version of this tool before each scan. Running MSERT in Full Scan mode may cause server resource utilization to peak. Accordingly, CISA recommends agencies run the tool during off-peak hours," CISA warns.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/f0E9Mp43OqY/dhs-gives-federal-agencies-5-days-identify-vulnerable-ms-exchange-servers