U.S. Homeland Security Demands Government Agencies Patch Critical MS Exchange Flaws ASAP
Though Microsoft Exchange servers are quickly being patched, hackers have been ramping up their efforts to take advantage of the situation while they still can. As such, the United States Cybersecurity and Infrastructure Security Agency (CISA), a division of Homeland Security, has hardened its requirements for government agencies in hopes of thwarting future attacks.
"Given the powerful privileges that Exchange manages by default and the amount of potentially sensitive information that is stored in Exchange servers operated and hosted by (or on behalf of) federal agencies, Exchange servers are a primary target for adversary activity," CISA says.
CISA notes its partners have observed active exploitation of vulnerabilities in Microsoft Exchange server products on government premises, saying it poses an "unacceptable risk" to various agencies and "requires emergency action."
"This determination is based on the current exploitation of these vulnerabilities in the wild, the likelihood of the vulnerabilities being exploited, the prevalence of the affected software in the federal enterprise, the high potential for a compromise of agency information systems, and the potential impact of a successful compromise," CISA adds.
That being the case, CISA has outlined specific security policies that affected government agencies must follow. Among the required actions, agencies essentially have to audit all instances of Microsoft Exchange server products, which includes using collection tools to examine system memory, system web logs, Windows event logs, and registry hives.
Assuming there are no signs of compromise, agencies are then required to "immediately" patch their systems, then submit a report to CISA by noon on March 5, 2021.
If an agency does find signs that its systems have been compromised, CISA says it must disconnect affected systems right away and report what was found.
Over the past several weeks, Microsoft Exchange vulnerabilities have led to a rash of attacks and to emergency patches being issued. On the flip side, a security researcher recently made headlines for luring Microsoft Exchange ransomware bandits with a 'honeypot', which is basically a fake computer resource designed to be enticing to malicious actors.
Issuing patches is one thing, but getting organizations to apply them is another. To that end, Microsoft claims 92 percent of worldwide Exchange IPs are now patched or mitigated. Homeland Security is not taking any chances, though, hence the newly hardened requirements that government agencies must follow.