CISA orders agencies to fix Microsoft vulnerabilities abused by Chinese hackers

Agencies must patch or disconnect the vulnerable software

A laptop on a table with the Microsoft Exchange logo displayed

CISA has ordered US federal civilian agencies to tackle Microsoft flaws suspected to be involved in a Chinese spying campaign. Agencies must act by the end of the week. 

The order requires agencies to either apply security fixes for the Microsoft Exchange Server software’s vulnerabilities or disconnect the program until they can reconfigure it securely if the system is compromised.

The US agency's Emergency Directive 21-02, "Mitigate Microsoft Exchange On-Premises Product Vulnerabilities," was issued yesterday.

It said that its partners had “observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products”.

"Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network," the agency said.

It added that the vulnerabilities present an "unacceptable risk to Federal Civilian Executive Branch agencies. 

Agencies will have to forensically triage artifacts using collection tools to collect system memory, system web logs, windows event logs, and all registry hives. If agencies find no indications of compromise, they must immediately apply Microsoft patches for Microsoft Exchange servers.

"This Emergency Directive remains in effect until all agencies operating Microsoft Exchange servers have applied the available patch or the Directive is terminated through other appropriate action," the agency added.

Microsoft’s disclosure of significant Exchange Server software vulnerabilities brings to the fore certain challenges and themes seen simmering under the surface for a long time in national cyber security.

Steve Forbes, government cyber security expert at Nominet said there’s a tendency to treat cyber security issues between the private and public sectors as separate siloes. 

“However, these vulnerabilities demonstrate how flawed that view is. Not only are governments susceptible to software vulnerabilities like any business, but they also face the debate of how extensively to use cloud providers. While historically there has been a perception that it is more secure and robust to run your own infrastructure, this is a good example of where the opposite is true,” Forbes said.

Forbes said CISA’s directive is the latest in a series of increasingly regular emergency directives the agency has issued since its establishment two years ago. 

“Vulnerabilities like these demonstrate the necessity for these coordinated national protective measures to efficiently and effectively mitigate the effects of attacks that could have major national security implications,” he said.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Apple to send exec to App Store Senate hearing after initially declining
Policy & legislation

Apple to send exec to App Store Senate hearing after initially declining

12 Apr 2021
Microsoft buys AI firm Nuance Communications for $19.7 billion
voice recognition

Microsoft buys AI firm Nuance Communications for $19.7 billion

12 Apr 2021
US limits exports to Chinese supercomputing entities
Policy & legislation

US limits exports to Chinese supercomputing entities

9 Apr 2021
Google adds new compliance and security certifications for Google Cloud
compliance

Google adds new compliance and security certifications for Google Cloud

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021