US Government Issues Emergency Patch Directive For Microsoft Exchange 0-Day Vulnerability

We reported yesterday that Microsoft patched four zero-day vulnerabilities affecting Microsoft Exchange servers. As it turns out, Chinese hackers exploited these vulnerabilities in the wild and seemingly managed to ensnare the U.S. Government. The Department of Homeland Security has now published an emergency directive instructing any government agency with on-premises Microsoft Exchange servers to patch immediately.

According to Microsoft, “a group assessed to be state-sponsored and operating out of China” gained access to email and installed persistent malware through Exchange server vulnerabilities. It is believed that the hackers primarily targeted “entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.”

The Cybersecurity and Infrastructure Security Agency (CISA), which operates under the oversight of the Department of Homeland Security, subsequently reported that its partners found active exploits in the wild. The agency determined that this posed “an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.” Government organizations must therefore investigate whether their Exchange servers were breached and take the necessary patching precautions.

CISA will continue to monitor the situation with partners and release additional information as it becomes available. Though this warning is directed only at federal agencies, private organizations should heed the warnings and instructions to ensure their own security.