CISA issues emergency directive to agencies: Deal with Microsoft Exchange zero-days now | WHAT REALLY HAPPENED

CISA issues emergency directive to agencies: Deal with Microsoft Exchange zero-days now

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive following the release of fixes for zero-day vulnerabilities in Microsoft Exchange.

The US agency's Emergency Directive 21-02, "Mitigate Microsoft Exchange On-Premises Product Vulnerabilities," was issued on March 3.

This week, Microsoft warned that four zero-day vulnerabilities in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 are being actively exploited by a suspected state-sponsored advanced persistent threat (APT) group from China called Hafnium.

Exchange Online is not affected by the bugs. However, Exchange Server is software used by government agencies and the enterprise alike, and so Microsoft's warning to apply provided patches immediately should not be ignored.

Comments

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA