CISA orders agencies to fix Microsoft vulnerabilities abused by Chinese hackers

Agencies must patch or disconnect the vulnerable software

CISA has ordered US federal civilian agencies to tackle Microsoft flaws suspected to be involved in a Chinese spying campaign. Agencies must act by the end of the week. 

The order requires agencies to either apply security fixes for the Microsoft Exchange Server software’s vulnerabilities or disconnect the program until they can reconfigure it securely if the system is compromised.

The US agency's Emergency Directive 21-02, "Mitigate Microsoft Exchange On-Premises Product Vulnerabilities," was issued yesterday.

It said that its partners had “observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products”.

"Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network," the agency said.

It added that the vulnerabilities present an "unacceptable risk to Federal Civilian Executive Branch agencies. 

Agencies will have to forensically triage artifacts using collection tools to collect system memory, system web logs, windows event logs, and all registry hives. If agencies find no indications of compromise, they must immediately apply Microsoft patches for Microsoft Exchange servers.

"This Emergency Directive remains in effect until all agencies operating Microsoft Exchange servers have applied the available patch or the Directive is terminated through other appropriate action," the agency added.

Microsoft’s disclosure of significant Exchange Server software vulnerabilities brings to the fore certain challenges and themes seen simmering under the surface for a long time in national cyber security.

Steve Forbes, government cyber security expert at Nominet said there’s a tendency to treat cyber security issues between the private and public sectors as separate siloes. 

“However, these vulnerabilities demonstrate how flawed that view is. Not only are governments susceptible to software vulnerabilities like any business, but they also face the debate of how extensively to use cloud providers. While historically there has been a perception that it is more secure and robust to run your own infrastructure, this is a good example of where the opposite is true,” Forbes said.

Forbes said CISA’s directive is the latest in a series of increasingly regular emergency directives the agency has issued since its establishment two years ago. 

“Vulnerabilities like these demonstrate the necessity for these coordinated national protective measures to efficiently and effectively mitigate the effects of attacks that could have major national security implications,” he said.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Microsoft buys game developer Activision Blizzard for $68.7 billion
mergers and acquisitions

Microsoft buys game developer Activision Blizzard for $68.7 billion

18 Jan 2022
Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update
cyber security

Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update

12 Jan 2022
Windows 11 problems and how to fix them
Microsoft Windows

Windows 11 problems and how to fix them

7 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022