CISA to Federal Agencies: Immediately Patch or Disconnect Microsoft Exchange Servers

  /     /     /  
Publicated : 23/11/2024   Category : security

CISA to Federal Agencies: Immediately Patch or Disconnect Microsoft Exchange Servers


The US Department of Homeland Security agencys new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.


The US Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA) today issued an emergency directive calling for civilian federal agencies with on-premises Microsoft Exchange Servers to either update their software with newly released Microsoft patches or take the products offline until they can patch them.
ED-21-02 also calls for agencies to gather forensic images and, after patching, to look for known indicators of compromise in the wake of Microsofts revelation that four zero-day flaws in Exchange are being abused by a nation-state group believed to be out of China. CISA also
published technical details and indicators of compromise today
.
This Emergency Directive will help us secure federal networks against the immediate threat while CISA works with its interagency partners to better understand the malicious actor’s techniques and motivations to share with our stakeholders, said Acting CISA Director Brandon Wales. The swiftness with which CISA issued this Emergency Directive reflects the seriousness of this vulnerability and the importance of all organizations – in government and the private sector – to take steps to remediate it.
CISA said it worked with the National Security Agency, Microsoft, and security researchers to provide detection and mitigation steps for the threats. 
Read the full Emergency Directive (ED) 21-02
.
 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
CISA to Federal Agencies: Immediately Patch or Disconnect Microsoft Exchange Servers