DHS CISA Shares More Microsoft Exchange Vulnerability Guidance

Health IT Security

Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency released another emergency directive designed to further mitigate vulnerabilities in on-prem Microsoft Exchange servers and harden perimeter defenses.

While the directive is aimed at federal agencies, CISA officials are urging all private sector and infrastructure agencies, such as the healthcare sector, to review the triage guidance and assess newly developed tools to prevent attackers from exploiting any of the four reported zero-day flaws.

Microsoft issued an out-of-band patch for the vulnerabilities, first reported in early March, in Exchange versions 2013, 2016, and 2019. Exploits could enable an attacker to send arbitrary HTTP requests and authenticate to the server, even without legitimate credentials.

At the time, nation-state actors were...
