CISA Asks Agencies to Apply Patches to Microsoft Exchange On-Premises Servers Via Emergency Directive

The Cybersecurity and Infrastructure Security Agency has released an emergency directive requiring agencies to update their on-premises Microsoft Exchange Servers with security patches or disconnect the products. CISA said Wednesday that all agency chief information officers should submit a report by Friday, March 5, using the provided template to inform CISA about their status.

Microsoft issued the security updates after it found that a state-sponsored threat actor operating from China, called Hafnium, was targeting defense contractors, law firms, policy think tanks, infectious disease researchers and other entities to steal data by compromising on-premises Exchange Server software.

“Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network,” the directive reads.

CISA also directed agencies to acquire forensic images, identify indicators of compromise and report to the agency the presence of web shell code on a compromised server, unauthorized access to accounts and evidence of lateral movement of malicious actors that have access to compromised servers.

CISA said it will issue additional indicators of compromise as soon as they become available, offer technical support to agencies without capabilities to comply with the directive and submit a report on outstanding issues to the secretary of the Department of Homeland Security and director of the Office of Management and Budget by April 5.
