Federal agencies have been ordered by the Cybersecurity and Infrastructure Security Agency (CISA) yesterday to look for signs of compromised Exchange servers in their networks. Agencies must run the Test-ProxyLogon.ps1 script and Microsoft Safety Scanner tool released by Microsoft, reporting any findings by Monday, April 5th. This is an update to Directive 21-02 issued earlier in early March, urging agencies to assess whether their Exchange servers had been compromised and to immediately apply patches to clean systems and disconnecting those that had been infected. The emergency directive also lays out a June 28th deadline for hardening Exchange severs. Several items for doing so are outlined, including ensuring a firewall sits between the Exchange server and the Internet, ensuring all security and cumulative updates are applied within 48 hours, removing all unsupported or outdated software and more.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in