CISA Releases Supplemental Guidance on Emergency Directive for
Microsoft Exchange Server Vulnerabilities
(TLP:WHITE)

 

CISA has released (TLP:WHITE) Current Activity: CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities. CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening requirements for federal agencies. Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner, MSERT—to investigate whether their Microsoft Exchange Servers have been compromised.

CISA Recommendations:

Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review:

CyberLiaison
Cybersecurity Division
Cybersecurity and Infrastructure Security Agency