CISA orders all agencies to install new Microsoft Exchange patches


Microsoft on Tuesday released patches for three versions of its Exchange Server email and calendar software that companies use in on-premises data centers, and the federal government has ordered all agencies to install them, warning that the vulnerabilities being patched “pose an unacceptable risk to the Federal enterprise and require an immediate and emergency action.”

The updates come a month after Microsoft took action to respond to attacks on other flaws in Exchange Server, which the company said had been exploited by Chinese hackers. But unlike last time, Microsoft said in a blog post it has not yet observed exploits of the newly discovered holes.

Nonetheless, the widespread usage of Exchange, and the importance of email in general, has spurred the federal government to sound the alarm.

In a Tuesday directive, the U.S. Cybersecurity and Infrastructure Security Agency noted that these vulnerabilities are “different from the ones disclosed and fixed in March 2021” and ordered all government agencies to deploy the patches before Friday.

“Given the powerful privileges that Exchange manages by default and the amount of potentially sensitive information that is stored in Exchange servers operated and hosted by (or on behalf of) federal agencies, Exchange servers are a primary target for adversary activity,” CISA wrote. “This determination is based on the likelihood of the vulnerabilities being weaponized, combined with the widespread use of the affected software across the Executive Branch and high potential for a compromise of integrity and confidentiality of agency information.”

The new patches apply to the 2013, 2016 and 2019 versions of Exchange Server.

The company said organizations using the cloud-based Exchange Online service included in Microsoft 365 subscription bundles is already protected.

Microsoft gave credit to the U.S. National Security Agency for reporting the new vulnerabilities.



Source link

Discover

Sponsor

Latest

2021 Volvo XC40 Recharge EV: More Powerful, But Also More Expensive

Despite excellent packaging and an impressive array of safety features, the Volvo XC40 is a little less fun to drive than its spunky...

Merck says Kenneth Frazier to retire as CEO effective June 30

Merck says Kenneth Frazier to retire as CEO effective June 30 Source link

Bank of England holds rates steady as coronavirus outlook remains uncertain

A woman wearing a protective face mask crosses the road in front of the Bank of England in what would normally be the...

Ad tech company PubMatic stock pops 10% in first earnings report

PubMatic signage on day of IPO at the NasdaqSource: NasdaqAd tech company PubMatic, which launched an initial public offering in December, saw shares...

WHO frets Europe’s ICU beds are nearing capacity in some areas

A member of the medical staff treats a patient suffering from the coronavirus disease (COVID-19) at the Intensive Care Unit (ICU) of the...