Threat Watch

DHS Warns of Recent Exchange Vulnerabilities

The Department of Homeland Security (DHS) has issued Emergency Directive 21-02, warning of the recent vulnerabilities discovered in Microsoft’s Exchange server. According to the Cybersecurity & Infrastructure Security Agency (CISA), the potential exploitation of these newly discovered vulnerabilities poses “an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.” Currently, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 are related to known exploitation of Microsoft Exchange. The DHS directive goes on to say Microsoft also relates CVE-2021-26412, CVE-2021-26854 and CVE-2021-27078, though these are not yet known to be exploited in the wild. By issuing an emergency directive, the DHS is requiring all federal agencies to either hunt for signs of compromise and patch or disconnect all Exchange instances and wait for further orders.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Binary Defense highly recommends all organizations using on-premise installations of Exchange update to the latest version immediately. Several reports have been released, including those from Microsoft and CISA, detailing indicators of compromise (IOCs) that can be searched for on Exchange servers. At this time, it is not currently believed that these vulnerabilities affect Microsoft 365 or Azure Cloud deployments.

Source: https://www.bleepingcomputer.com/news/security/dhs-orders-agencies-to-urgently-patch-or-disconnect-exchange-servers/

https://cyber.dhs.gov/ed/21-02/

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support