Just_Super / iStock.com

By

Mariam Baksh

By April 15, one minute after midnight, federal agencies must have fixed new vulnerabilities in Microsoft’s on-premises Exchange servers, the Cybersecurity and Infrastructure Security Agency said.

“Microsoft Exchange Server, the cannot be updated within the above-mentioned period must be removed from the agency networks immediately, “states a supplement to the CISA guideline published on Tuesday.

The guideline also stipulates that the equivalents of the chief information officer of the federal authorities must report the completion of the new required actions to CISA by Friday noon.

“These vulnerabilities are different from those that were announced and resolved in March 2021. The security updates released in March 2021 will not address these vulnerabilities,” said CISA . “Given the powerful permissions that Exchange manages by default and the amount of potentially sensitive information stored on Exchange servers operated and hosted by (or on behalf of) federal agencies, Exchange servers are a prime target for adversary activity . “

The updated policy follows suggestions from Microsoft and the National Security Agency that organizations would prioritize fixing four vulnerabilities that the agency found in the company’s local Exchange servers that would allow an adversary to Execute code on a victim’s systems remotely.

“Cybersecurity is national security,” said Rob Joyce, director of cybersecurity for the NSA, in an email referencing a Microsoft blog post about the vulnerabilities on Tuesday Give Give them the opportunity to exploit this vulnerability on your system. “

Every month Microsoft publishes fixes for vulnerabilities they or outside groups and individuals find on their systems. The process creates a race between defenders to update systems and attackers who can reverse engineer the patches to attack entities This month’s release contained a total of 95 vulnerabilities.

A spokesman for the NSA pointed out the agency’s obligation to uncover the vulnerabilities found rather than keep them secret to use as weapons in offensive operations This practice has fueled the agency in the past.

“After we discovered the vulnerabilities, we started the disclosure process to protect the nation and our allies,” the spokesman said reported, they immediately created a patch. The NSA values ​​partnership in the cybersecurity community. Nobody. “Companies can secure their networks on their own. We don’t just want to preach partnership – we practice it – and show our work. We continue the partnership by demanding the immediate application of the patches.”

Microsoft said it did not see any active exploitation of the vulnerabilities, but urged customers to prioritize them based on recent activity for Exchange servers, which spurred the original CISA directive.

“This month’s release contains a number of critical vulnerabilities, their We recommend prioritization, including updates to protect against new vulnerabilities in local Exchange servers, ”the blog post said. “We didn’t see the security gaps in attacks on our customers. However, given the recent opponents’ focus on Exchange, we encourage customers to install the updates as soon as possible to ensure they remain protected from these and other threats. “

NEXT STORY:

Former DHS secretary details SolarWinds hackers’ access to his email

When you visit our website, we store cookies in your browser in order to collect them
Information. The information collected can be related to you, your preferences, or your device, and most of the time it is
Used to make the website the way you expect it to be and to provide a more personalized web experience. But you
You cannot allow certain types of cookies, which can affect your experience with the website and the website
Services that we can offer. Click on the different category headings to learn more and change ours
Default settings according to your needs. You cannot necessarily cancel our first party
Cookies as they are provided to ensure the proper functioning of our website (e.g.
Cookie banner and saving your preferences to log into your account to redirect you when you log out,
etc.). You can find more information about the cookies used by first and third party providers under this link.

We do not allow you to deactivate certain cookies, as this is necessary
Ensure the proper functioning of our website (e.g. requesting our cookie banner and reminding you of your privacy
Choices) and / or to monitor site performance. These cookies are not used in a way that represents a “sale” of
Your details under the CCPA. You can set your browser so that it blocks or notifies you about these cookies, but about certain parts
the website will not work as intended when you do this. You can usually find these settings in the options or
Settings menu of your browser. Visit www.allaboutcookies.org
to learn more.

The California Consumer Privacy Act gives you the right to log off from the Internet
Selling your personal information to third parties. These cookies collect information for analysis and too
Personalize your experience with targeted ads. You can exercise your right to refuse to sell personal items
Information with this toggle switch. If you unsubscribe, we will not be able to offer you personalized ads
will not pass your personal data on to third parties. You can also contact our legal department
Department to further clarify your rights as a California consumer through this exercise My
Right link

If you have activated the data protection provisions in your browser (e.g. a plugin), we have
to consider this as a valid invitation to opt out. Therefore, we cannot track your activities through this
Network. This can affect our ability to personalize ads according to your needs.

Targeting cookies can be set by our advertising partners through our website. you
can be used by these companies to profile your interests and show you relevant advertisements on others
Websites. They do not save any direct personal information, but are based on the unique identification of your browser and
Internet device. If you do not allow these cookies, less targeted advertising will be served.

Social media cookies are set by a number of social media services that we have
has been added to the website so that you can share our content with your friends and networks. You can do it
Track your browser on other websites and create a profile of your interests. This can affect the
Content and messages you see on other websites you visit. If you don’t allow these cookies, you may not be
will be able to use or view these approval tools.

If you would like to opt out of all of our lead reports and lists, please submit an
Privacy request on our Do not sell page.

A cookie is a small piece of data (text file) that a website – when it is visited by one
User – asks your browser to save on your device in order to remember information about you, such as:
Language setting or login information. These cookies are set by us and are referred to as first-party cookies. We also
Use third party cookies. These are cookies from a domain that is different from the domain of the website you are on
Visit – for our advertising and marketing efforts. In particular, we use cookies and other tracking functions
Technologies for the following purposes:

We do not allow you to deactivate certain cookies as this is necessary
Ensure the proper functioning of our website (e.g. requesting our cookie banner and reminding you of your privacy
Choices) and / or to monitor site performance. These cookies are not used in a way that represents a “sale” of
Your details under the CCPA. You can set your browser so that it blocks or notifies you about these cookies, but about certain parts
the website will not work as intended when you do this. You can usually find these settings in the options or
Settings menu of your browser. Visit www.allaboutcookies.org
to learn more.

We do not allow you to disable certain cookies as this is required
ensure the smooth functioning of our
Website (e.g. request for our cookie banner and reminder of your privacy choices) and / or monitoring of the website
Performance. These cookies are not used in a way that constitutes a “sale” of your information under the CCPA. you
You can set your browser to block or notify you about these cookies, but some parts of the website will not work that way
intended when you do this. You can usually find these settings in the Options or Settings menu of your
Browser. Visit www.allaboutcookies.org
to learn more.

We do not allow you to disable certain cookies as this is necessary
ensure the smooth functioning of our
Website (e.g. request for our cookie banner and reminder of your privacy choices) and / or monitoring of the website
Performance. These cookies are not used in a way that constitutes a “sale” of your information under the CCPA. you
You can set your browser to block or notify you about these cookies, but some parts of the website will not work that way
intended when you do this. You can usually find these settings in the Options or Settings menu of your
Browser. Visit www.allaboutcookies.org
to learn more.

We also use cookies to personalize your experience on our websites, including from
Identifying the most relevant content and ads to be shown to you and monitoring website traffic and
Performance so that we can improve our websites and your experience. You can unsubscribe from our use of such
Cookies (and the associated “sale” of your personal data) using this toggle switch. You still will
see some advertisements regardless of your choices. Since we don’t track you across different devices,
Browser and GEMG properties, your selection will only take effect for this browser, this device and this one
Website.

We also use cookies to personalize your experience on our websites, including from
Identifying the most relevant content and ads to be shown to you and monitoring website traffic and
Performance so that we can improve our websites and your experience. You can unsubscribe from our use of such
Cookies (and the associated “sale” of your personal data) using this toggle switch. You still will
see some advertisements regardless of your choices. Since we don’t track you across different devices,
Browser and GEMG properties, your selection will only take effect on this browser, this device and this one
Website.

We also use cookies to personalize your experience on our websites, including from
Identifying the most relevant content and ads to be shown to you and monitoring website traffic and
Performance so that we can improve our websites and your experience. You can unsubscribe from our use of such
Cookies (and the associated “sale” of your personal data) using this toggle switch. You still will
see some advertisements regardless of your choices. Since we don’t track you across different devices,
Browser and GEMG properties, your selection will only take effect on this browser, this device and this one
Website.

Ref: https://www.nextgov.com