CISA issues emergency directive and alert on Microsoft Exchange vulnerabilities

CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities could allow an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network. 

CISA strongly recommends organizations examine their systems to detect any malicious activity detailed in Alert AA21-062A. Review the following resources for more information:

• CISA Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
• AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
• Microsoft Security Blog Post: Multiple Security Updates Released for Exchange Server