The Department of Homeland Security (DHS) has issued Emergency Directive 21-02, warning of the recently discovered vulnerabilities in Microsoft Exchange Server. According to the Cybersecurity & Infrastructure Security Agency (CISA), the potential exploitation of these vulnerabilities poses “an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.” Currently, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 are associated with known exploitation of Microsoft Exchange. The directive goes on to say that Microsoft also identifies CVE-2021-26412, CVE-2021-26854 and CVE-2021-27078 as related, though these are not yet known to be exploited in the wild. By issuing an emergency directive, the DHS is requiring all federal agencies to either hunt for signs of compromise and patch, or disconnect all Exchange instances and wait for further orders.
Binary Defense highly recommends that all organizations using on-premises installations of Exchange update to the latest version immediately. Several reports have been released, including those from Microsoft and CISA, detailing indicators of compromise (IOCs) that can be searched for on Exchange servers. At this time, these vulnerabilities are not believed to affect Microsoft 365 or Azure Cloud deployments.