Subject: DHS issues emergency cybersecurity directive re Microsoft Exchange

AlertsUSA Logo - Allow Images
SMS Alert Text:

Attn Sysadmins: DHS issues emergency cybersecurity directive re active exploitation of vulnerabilities in Microsoft Exchange on-premises products. See email.

Supplemental Info:

Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency, to “issue an emergency directive to the head of an agency to take any lawful action with respect to the operation of the information system, including such systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information, for the purpose of protecting the information system from, or mitigating, an information security threat.” 44 U.S.C. § 3553(h)(1)–(2)

Section 2205(3) of the Homeland Security Act of 2002, as amended, delegates this authority to the Director of the Cybersecurity and Infrastructure Security Agency. 6 U.S.C. § 655(3).

Federal agencies are required to comply with these directives. 44 U.S.C. § 3554 (a)(1)(B)(v)

These directives do not apply to statutorily-defined “national security systems” nor to systems operated by the Department of Defense or the Intelligence Community. 44 U.S.C. § 3553(d), (e)(2), (e)(3), (h)(1)(B).

Background

CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products. Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.

CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. This determination is based on the current exploitation of these vulnerabilities in the wild, the likelihood of the vulnerabilities being exploited, the prevalence of the affected software in the federal enterprise, the high potential for a compromise of agency information systems, and the potential impact of a successful compromise.

Read the full Emergency Directive:



Service Notes:

This email message is a component of the AlertsUSA Homeland Security Threat and Incident Notification Service for mobile devices. You have paid for this service and are encouraged to archive these messages.
Service Issues? Let Us Know
service@AlertsUSA.com

Discount Subscription Link (share w/ friends):
https://AlertsUSA.com/discount.html

Threat Journal Newsletter:
https://ThreatJournal.com

Connect With Us:
Twitter: https://twitter.com/AlertsUSA
AlertsUSA, Inc, 29488 Woodward Ave #423, Royal Oak, Michigan 48073, United States
You may unsubscribe or change your contact details at any time.

    This is an online snapshot of a newsletter created by the owner of AlertsUSA (AlertsUSA, Inc, 29488 Woodward Ave #423, 48073 Royal Oak, United States) and sent via GetResponse on 2021-03-03. Report abuse