CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities (TLP:WHITE)

CISA Releases Supplemental Guidance on Emergency Directive for
Microsoft Exchange Server Vulnerabilities (TLP:WHITE)

CISA has released (TLP:WHITE) Current Activity: CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities. CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening requirements for federal agencies. Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner, MSERT—to investigate whether their Microsoft Exchange Servers have been compromised.

CISA Recommendations:

Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review:

• the supplemental direction
  CISA Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
• CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
• CISA web page: Remediating Microsoft Exchange Vulnerabilities
• Microsoft’s EOMT.ps1 blog post

CyberLiaison
Cybersecurity Division
Cybersecurity and Infrastructure Security Agency