Today, Microsoft released another security update for Microsoft Exchange vulnerabilities that were identified by the NSA. CISA has ordered federal agencies to download and install the newly released Microsoft Exchange security update.
The discovered vulnerabilities allow remote code execution, and two of them require no authentication by the attacker.
None of the identified vulnerabilities has been used in attacks, but CISA believes that attackers are using reverse engineering methods to create working exploits because these vulnerabilities are severe and publicly disclosed.
To prevent another high-level attack on Microsoft Exchange servers, CISA is taking every action required. It will update its previously released Emergency Directive and is also issuing an order to all federal agencies to install the security patch by 12:01 AM on Friday.
CISA is also aware that these vulnerabilities may pose an unacceptable risk to other enterprises and that action is required. The vulnerabilities could be weaponized, and combined with the widespread use of the affected software, this creates a high potential for compromise of agencies.
Actions Taken by Agencies

CISA also gives a list of actions that all agencies must take when applying the supplemental direction. They are listed below.
- Apply to Maintain Control: Ensure that technical or management controls are in place and updated. Organizations must disconnect previous endpoints and update them before connecting them to the network.
- Report Indications of Compromise: Organizations must report unidentified or unauthorized cyber incidents to the related departments and also check for updates from legitimate sites.
- Deploy Microsoft Updates: Before April 16th, 2021, organizations running Microsoft Exchange servers must deploy the Microsoft update released on 13th April 2021 to fix the open vulnerabilities present in the Exchange server. Those that cannot update their servers before the deadline must be removed from the agency network immediately.
- Report Completion: Organizations managing on-premises Microsoft Exchange servers, and department-level CIOs, must submit a report to CISA with the help of the data provided to the site before 16th April 2021.
CISA strictly advised organizations to perform the above-mentioned actions before the deadline. An organization that is unable to apply these updates will be removed from the agency network.