Security News > 2021 > April > CISA gives federal agencies until Friday to patch Exchange servers
The US Cybersecurity and Infrastructure Security Agency has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday.
Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These Exchange vulnerabilities are capable of remote code execution, with two vulnerabilities not requiring attackers to authenticate first.
To prevent another widescale attack on Microsoft Exchange servers, CISA has updated their previously released Emergency Directive 21-02 to require all federal agencies to install today's security updates by 12:01 AM on Friday, April 16th, 2021.
Before 12:01 am Friday, April 16, 2021, Eastern Daylight Time, agencies with on-premises Microsoft Exchange servers must deploy Microsoft updates from Tuesday, April 13, 2021, to all affected Microsoft Exchange servers.
Microsoft Exchange Servers that cannot be updated within the deadline above must be immediately removed from agency networks.
CISA states that federal agencies must continue these actions until another subsequent directive is issued.
News URL
Related news
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)