CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities - Hexafusion Blog | Hexafusion
  • Contact Us At


  • E-Mail Us @

Hexafusion Blog

CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities


Remediating Microsoft Exchange Vulnerabilities

On March 2, 2021, Microsoft released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server products. On March 3, after CISA and partners observed active exploitation of vulnerabilities, CISA issued Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities and Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.

For Leaders:

An adversary can exploit this vulnerability to compromise your network and steal information, encrypt data for ransom, or even execute a destructive attack. Leaders at all organizations must immediately address this incident by asking their IT personnel:

  • What steps your organization has taken;
  • Whether your organization has the technical capability to follow the guidance provided below; and
  • If your organization does not have the capability to follow the guidance below, whether third-party IT security support has been requested.

Leaders should request frequent updates from in-house or third-party IT personnel on progress in implementing the guidance below until completed.

For IT Security Staff:

As exploitation of these vulnerabilities is widespread and indiscriminate, CISA strongly advises all system owners complete the following steps:

  1. If you have the capability, follow the guidance in CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities to create a forensic image of your system.
  2. Check for indicators of compromise (IOCs) by running the Microsoft IOC Detection Tool for Exchange Server Vulnerabilities.
  3. Immediately update all instances of on-premises Microsoft Exchange that you are hosting.
  4. If you are unable to immediately apply updates, follow Microsoft’s alternative mitigations in the interim. Note: these mitigations are not an adequate long-term replacement for applying updates; organizations should apply updates as soon as possible.
  5. If you have been compromised, follow the guidance in CISA Alert AA21-062A. For additional incident response guidance, see CISA Alert AA20-245A: Technical Approaches to Uncovering and Remediating Malicious ActivityNote: Responding to IOCs is essential to evict an adversary from your network and therefore needs to occur in

News reource:

Apple Issues Patch for Remote Hacking Bug Affectin...
Everything you need to know about the Microsoft Ex...

By accepting you will be accessing a service provided by a third-party external to

Customer Login

News & Updates

Hexafusion is proud to announce the launch of our new website at The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...

Contact us

Learn more about what Hexafusion can do for your business.

250 - 997 Seymour Street
Vancouver, British Columbia V6B 3M1