Hexafusion Blog

CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities

Hexafusion Blog
microsoft-exchange-server-vs-exchange-online-hack-vulnerability

Remediating Microsoft Exchange Vulnerabilities

On March 2, 2021, Microsoft released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server products. On March 3, after CISA and partners observed active exploitation of vulnerabilities, CISA issued Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities and Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.

For Leaders:

An adversary can exploit this vulnerability to compromise your network and steal information, encrypt data for ransom, or even execute a destructive attack. Leaders at all organizations must immediately address this incident by asking their IT personnel:

  • What steps your organization has taken;
  • Whether your organization has the technical capability to follow the guidance provided below; and
  • If your organization does not have the capability to follow the guidance below, whether third-party IT security support has been requested.

Leaders should request frequent updates from in-house or third-party IT personnel on progress in implementing the guidance below until completed.

For IT Security Staff:

As exploitation of these vulnerabilities is widespread and indiscriminate, CISA strongly advises all system owners complete the following steps:

  1. If you have the capability, follow the guidance in CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities to create a forensic image of your system.
  2. Check for indicators of compromise (IOCs) by running the Microsoft IOC Detection Tool for Exchange Server Vulnerabilities.
  3. Immediately update all instances of on-premises Microsoft Exchange that you are hosting.
  4. If you are unable to immediately apply updates, follow Microsoft’s alternative mitigations in the interim. Note: these mitigations are not an adequate long-term replacement for applying updates; organizations should apply updates as soon as possible.
  5. If you have been compromised, follow the guidance in CISA Alert AA21-062A. For additional incident response guidance, see CISA Alert AA20-245A: Technical Approaches to Uncovering and Remediating Malicious ActivityNote: Responding to IOCs is essential to evict an adversary from your network and therefore needs to occur in

News reource: https://us-cert.cisa.gov/remediating-microsoft-exchange-vulnerabilities

LinkedIn
Apple Issues Patch for Remote Hacking Bug Affectin...
Everything you need to know about the Microsoft Ex...

About the author

Farzad

Farzad

Farzad Barari is founder and president of Hexafusion Canada Inc, where he leads the architecture, development and operation of the client's infrastructure, platforms, services, applications, cyber security and compliance.

Farzad has held technology leadership and individual contributor roles at numerous technology and consulting companies, including Purdys Chocolatier, Webtake Co, RTP Co and Siemens.

Author's recent posts
More posts from author

By accepting you will be accessing a service provided by a third-party external to https://hexafusion.com/

Posts by Topic

Tag Cloud

Blog Archive

2021
January (21)
February (2)
March (9)
April (6)
May
June
July
August
September
October
November
December
2020

Mobile? Grab this Article

QR Code