Threat Watch

Federal Agencies Given Deadline to Look For Compromised Exchange Servers

Federal agencies have been ordered by the Cybersecurity and Infrastructure Security Agency (CISA) yesterday to look for signs of compromised Exchange servers in their networks. Agencies must run the Test-ProxyLogon.ps1 script and Microsoft Safety Scanner tool released by Microsoft, reporting any findings by Monday, April 5th. This is an update to Directive 21-02 issued earlier in early March, urging agencies to assess whether their Exchange servers had been compromised and to immediately apply patches to clean systems and disconnecting those that had been infected. The emergency directive also lays out a June 28th deadline for hardening Exchange severs. Several items for doing so are outlined, including ensuring a firewall sits between the Exchange server and the Internet, ensuring all security and cumulative updates are applied within 48 hours, removing all unsupported or outdated software and more.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Many of the steps listed in the hardening requirements section of Directive 21-02 apply to any organization and any type of server or service. Binary Defense highly suggests following these steps to secure Exchange servers within the enterprise. The tools released by Microsoft will also assist administrators in assessing Exchange servers for signs of compromise. Any servers found to be compromised should be immediately removed from the network for further investigation and re-imaging.

Source: https://www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support