Hot on the heels of Microsoft’s announcement about active cyber-espionage campaigns that are exploiting four serious security vulnerabilities in Microsoft Exchange Server, the U.S. government is mandating patching for the issues. The news comes as security firms report escalating numbers of related campaigns led by sophisticated adversaries against a range of high-value targets, especially in the U.S. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive, warning that its partners have observed active exploitation of the bugs in Microsoft Exchange on-premises products, which allow attackers to have “persistent system access and control of an enterprise network.” “CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” reads the March 3 alert. “This determination is based on the current exploitation of these vulnerabilities in the wild, the likelihood of the vulnerabilities being exploited, the prevalence of the affected software in the federal enterprise, the high potential for a compromise of agency information systems and the potential impact of a successful compromise.” Rapidly Spreading Exchange Server Attacks Earlier this week Microsoft said that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server, spurring it to release…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-03-04 12:08:002021-03-04 12:08:00CISA Orders Fed Agencies to Patch Exchange Servers
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com