The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday.
Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA.
These Exchange vulnerabilities are capable of remote code execution, with two vulnerabilities not requiring attackers to authenticate first.
While none of the vulnerabilities are known to be used in attacks, CISA believes that threat actors will reverse engineer the patches to create working exploits due to their severity and public disclosure.
While none of these vulnerabilities are known to be used in attacks, due to their severity and public disclosure, CISA believes that threat actors will reverse engineer the patches to create working exploits.
Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business
To prevent another widescale attack on Microsoft Exchange servers, CISA has updated their previously released Emergency Directive 21-02 to require all federal agencies to install today’s security updates by 12:01 AM on Friday, April 16th, 2021.
“CISA has determined that these vulnerabilities pose an unacceptable risk to the Federal enterprise and require an immediate and emergency action.
“This determination is based on the likelihood of the vulnerabilities being weaponized, combined with the widespread use of the affected software across the Executive Branch and high potential for a compromise of integrity and confidentiality of agency information.” reads the Supplemental Direction v2 for Emergency Directive 21-02.
To comply with the Supplemental Direction v2, federal agencies are required to perform the following actions:
Also Read: Data Protection Officer Singapore | 10 FAQs
CISA states that federal agencies must continue these actions until another subsequent directive is issued.