CISA releases supplemental direction on emergency directive for Microsoft Exchange Server
CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening, requirements for federal agencies. Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSER—to investigate whether their Microsoft Exchange Servers have been compromised.
Tim Wade, Technical Director, CTO Team at Vectra, says, “If there ever was a question of the impact and risk associated with these vulnerabilities, it should clearly be answered now -- CISA has instructed organizations with insufficient cybersecurity expertise to fully disconnect their on-premises exchange infrastructure until such a time as instructions for rebuilding and reprovisioning are provided. Given the importance of email for modern business, these directives indicate that there are organizations who may be implicitly instructed to stand down from the full execution of their primary function unless and until remediation occurs.”