Security News > 2021 > April > CISA gives federal agencies until Friday to patch Exchange servers
The US Cybersecurity and Infrastructure Security Agency has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday.
Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These Exchange vulnerabilities are capable of remote code execution, with two vulnerabilities not requiring attackers to authenticate first.
To prevent another widescale attack on Microsoft Exchange servers, CISA has updated their previously released Emergency Directive 21-02 to require all federal agencies to install today's security updates by 12:01 AM on Friday, April 16th, 2021.
Before 12:01 am Friday, April 16, 2021, Eastern Daylight Time, agencies with on-premises Microsoft Exchange servers must deploy Microsoft updates from Tuesday, April 13, 2021, to all affected Microsoft Exchange servers.
Microsoft Exchange Servers that cannot be updated within the deadline above must be immediately removed from agency networks.
CISA states that federal agencies must continue these actions until another subsequent directive is issued.
News URL
Related news
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)